Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1505174
MD5: 0ca13c099ee8094b069bc5731e460add
SHA1: 91312c49389194c73dde0c56215f44f725dd5f96
SHA256: c4b7edbfe5989674c9717e1660353f385eb5f34afe95932d8e387b67dd86ec67
Tags: exe
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7500 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0CA13C099EE8094B069BC5731E460ADD)
    • msedge.exe (PID: 7536 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7844 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2020,i,15309278543737732341,3283163508416092879,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 7556 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7644 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7672 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8868 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f32ec23-be7a-418b-8f61-b1a22111ea5c} 7672 "\\.\pipe\gecko-crash-server-pipe.7672" 206e7d71110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7708 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4376 -parentBuildID 20230927232528 -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {547c77f8-c020-4959-ad1e-5ce4ada21a4e} 7672 "\\.\pipe\gecko-crash-server-pipe.7672" 206fa375e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7884 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8628 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6284 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8656 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6268 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 7240 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 7252 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 8212 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=3620 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 9832 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 10072 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2020,i,10532752672312417087,7872925476916405703,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 9508 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5492 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2064,i,7618307593773119134,16498521840548879801,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe | ReversingLabs: Detection: 26%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.222.236.48:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000004.00000003.2067197384.00000206F8B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.4.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000004.00000003.2067197384.00000206F8B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.4.dr
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0093DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0093DBBE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_009468EE FindFirstFileW,FindClose,0_2_009468EE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0094698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0094698F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0093D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0093D076
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0093D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0093D3A9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00949642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00949642
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0094979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0094979D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00949B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00949B2B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00945C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00945C97
Source: firefox.exe | Memory has grown: Private usage: 1MB later: 95MB
Source: Joe Sandbox View | IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View | IP Address: 23.96.180.189 23.96.180.189
Source: Joe Sandbox View | IP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 23.96.180.189
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0094CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0094CE44
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=8684241135348538038&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1Host: arc.msn.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZuRVPvNL3f5eVwh&MD=XpFp+fT4 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726168446&P2=404&P3=2&P4=a2E4IbLw%2f4AXhRNtSKVlFISGqZw%2fYX%2fwQfhCkBX%2fA0NPEByub%2bEfZxO0g7crcudrxvY8SwgpfmyOhmpWrhE07Q%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: XQaDYC7uyABZg538oeRDlHSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZuRVPvNL3f5eVwh&MD=XpFp+fT4 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: unknown
HTTP traffic detected:
POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message

Source: global traffic
HTTP traffic detected:
HTTP/1.1 503 Service Unavailable
Content-Length: 326
Content-Type: text/html; charset=us-ascii
Date: Thu, 05 Sep 2024 19:15:06 GMT
Connection: close
PMUSER_FORMAT_QS:
X-CDN-TraceId: 0.09ac2d17.1725563706.3c03156
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: *
Access-Control-Allow-Methods: GET, OPTIONS, POST
Access-Control-Allow-Origin: *
Source: firefox.exe, 00000004.00000003.2367472405.00000206F767B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2347823446.00000206F767B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2052818082.00000206F767B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063801181.00000206F767B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000004.00000003.2022803104.00000206F36EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367644561.00000206F36EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120498361.00000206F36EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://bard.google.com/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000004.00000003.1867460455.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120676541.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367849067.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2912356908.00000179C7ACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2910641989.000001D9A71FA000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 00000004.00000003.1867460455.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120676541.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367849067.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2912356908.00000179C7ACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2910641989.000001D9A71FA000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 00000004.00000003.1866407131.00000206F4D5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1770278782.00000206F9B10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: Reporting and NEL.7.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: eb33086c-b41f-4efd-a0bb-614043b7b0ee.tmp.8.dr, Network Persistent State0.7.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.7.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.7.drString found in binary or memory: https://chromewebstore.google.com/
Source: 2e286ef9-484c-4c52-bc20-36d5979158a4.tmp.8.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.7.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 2e286ef9-484c-4c52-bc20-36d5979158a4.tmp.8.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000004.00000003.1721415244.00000206F7981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720557385.00000206F7700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721015401.00000206F7941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721319343.00000206F796C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720686460.00000206F7917000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720867366.00000206F792C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721165640.00000206F7957000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000004.00000003.1867460455.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120676541.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367849067.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2912356908.00000179C7ACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2910641989.000001D9A71FA000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000004.00000003.1867460455.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120676541.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367849067.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2912356908.00000179C7ACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2910641989.000001D9A71FA000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000004.00000003.2120583606.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022886797.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367644561.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1867344431.00000206F36BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json.7.drString found in binary or memory: https://docs.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000004.00000003.1721415244.00000206F7981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720557385.00000206F7700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1819361475.00000206F82D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721015401.00000206F7941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721319343.00000206F796C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1818641365.00000206F82BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063624513.00000206F82D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720686460.00000206F7917000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720867366.00000206F792C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721165640.00000206F7957000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000004.00000003.1865436417.00000206F5FC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2058586076.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821916807.00000206F5FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2020415724.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1812975621.00000206F5739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1725806878.00000206F572C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1723267277.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1726116575.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2021631248.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000004.00000003.2058586076.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821916807.00000206F5FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1865477894.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2021631248.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000004.00000003.2058586076.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821916807.00000206F5FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1865477894.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2021631248.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.7.dr, b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.7.dr, b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.7.dr, b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000004.00000003.2120988661.00000206F3552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000004.00000003.2064190371.00000206F4D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064502126.00000206F3ED3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000004.00000003.2022803104.00000206F36FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000004.00000003.1721165640.00000206F7957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2058483579.00000206F77AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1865090990.00000206F77AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000004.00000003.2064190371.00000206F4D2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000004.00000003.1819361475.00000206F82D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1818641365.00000206F82BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063624513.00000206F82D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000004.00000003.1819361475.00000206F82D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1818641365.00000206F82BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063624513.00000206F82D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000004.00000003.1819361475.00000206F82D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1818641365.00000206F82BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063624513.00000206F82D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2056204494.00000206F8753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000004.00000003.2022803104.00000206F36FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000004.00000003.2051751067.00000206FA4FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1817314299.00000206FA4FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1760426185.00000206FA4FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000004.00000003.2064502126.00000206F3ED3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000004.00000003.2022803104.00000206F36FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://web.telegram.org/
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000004.00000003.1867460455.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120676541.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367849067.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2912356908.00000179C7ACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2910641989.000001D9A71FA000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000004.00000003.1721415244.00000206F7981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720557385.00000206F7700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2057873222.00000206F7C31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721015401.00000206F7941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721319343.00000206F796C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720686460.00000206F7917000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720867366.00000206F792C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721165640.00000206F7957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821319600.00000206F7C15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1864963993.00000206F7C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000004.00000003.1866407131.00000206F4D5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
Source: b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drString found in binary or memory: https://www.deezer.com/
Source: firefox.exe, 00000004.00000003.2067197384.00000206F8B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.4.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000004.00000003.1867460455.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120676541.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367849067.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2912356908.00000179C7ACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2910641989.000001D9A71FA000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: content_new.js.7.dr, content.js.7.drString found in binary or memory: https://www.google.com/chrome
Source: firefox.exe, 00000004.00000003.1721415244.00000206F7981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720557385.00000206F7700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721015401.00000206F7941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721319343.00000206F796C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720686460.00000206F7917000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720867366.00000206F792C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721165640.00000206F7957000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: Web Data.7.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000004.00000003.1721415244.00000206F7981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720557385.00000206F7700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2057873222.00000206F7C31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721015401.00000206F7941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721319343.00000206F796C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720686460.00000206F7917000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1720867366.00000206F792C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1721165640.00000206F7957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821319600.00000206F7C15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1864963993.00000206F7C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0094EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0094ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0093AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00969576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1642897784.0000000000992000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_61cdd99b-e
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_10b68039-c
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D9A7239C37 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001D9A7256032 NtQuerySystemInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0093D5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00931201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0093E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe Code function: String function: 008F0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 008EF9F2 appears 31 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal68.evad.winEXE@72/333@30/23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009437B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009310BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009316C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009451CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0093D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0094648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66DA02F5-1D70.pma
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Login Data.7.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe ReversingLabs: Detection: 26%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2020,i,15309278543737732341,3283163508416092879,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6284 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6268 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f32ec23-be7a-418b-8f61-b1a22111ea5c} 7672 "\\.\pipe\gecko-crash-server-pipe.7672" 206e7d71110 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4376 -parentBuildID 20230927232528 -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {547c77f8-c020-4959-ad1e-5ce4ada21a4e} 7672 "\\.\pipe\gecko-crash-server-pipe.7672" 206fa375e10 rdd
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2020,i,10532752672312417087,7872925476916405703,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2064,i,7618307593773119134,16498521840548879801,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=3620 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000004.00000003.2067197384.00000206F8B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.4.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000004.00000003.2067197384.00000206F8B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.4.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008D42DE
Source: gmpopenh264.dll.tmp.4.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F0A76 push ecx; ret 0_2_008F0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008EF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_008EF98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00961C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00961C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96543
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001D9A7239C37 rdtsc 17_2_000001D9A7239C37
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0093DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0093DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009468EE FindFirstFileW,FindClose,0_2_009468EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0094698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0093D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0093D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0093D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0093D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00949642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00949642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0094979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00949B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00949B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00945C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00945C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008D42DE
Source: firefox.exe, 00000011.00000002.2913701289.000001D9A7820000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6R
Source: firefox.exe, 0000000C.00000002.2914645287.00000179C7B00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
Source: firefox.exe, 0000000C.00000002.2910113752.00000179C741A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
Source: firefox.exe, 00000011.00000002.2909529974.000001D9A6E1A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000004.00000003.2120583606.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022886797.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367644561.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1867344431.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2911226185.00000179C7820000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000C.00000002.2914645287.00000179C7B00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWJ
Source: firefox.exe, 0000000C.00000002.2914645287.00000179C7B00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2913701289.000001D9A7820000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformation
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094EAA2 BlockInput,0_2_0094EAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00902622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00902622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F4CE8 mov eax, dword ptr fs:[00000030h]0_2_008F4CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00930B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00930B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008F083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F09D5 SetUnhandledExceptionFilter,0_2_008F09D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008F0C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00931201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00931201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00912BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00912BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0093B226 SendInput,keybd_event,0_2_0093B226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009522DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_009522DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00930B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00930B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00931663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00931663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008F0698 cpuid 0_2_008F0698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00948195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00948195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0092D27A GetUserNameW,0_2_0092D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0090BB6F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008D42DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00951204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00951204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00951806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00951806
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: DLL Side-Loading (1); Valid Accounts (2); Registry Run Keys / Startup Folder (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Extra Window Memory Injection (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (112); Registry Run Keys / Startup Folder (1); Scheduled Task/Job; At; Cron
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Extra Window Memory Injection (1); Masquerading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (1); Access Token Manipulation (21); Process Injection (112)
Credential Access: Input Capture (21); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (15); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (3); Application Window Discovery (1); System Owner/User Discovery (1); Network Service Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: Archive Collected Data (1); Input Capture (21); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: Ingress Tool Transfer (4); Encrypted Channel (11); Non-Application Layer Protocol (4); Application Layer Protocol (5); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
Behavior graph (ID: 1505174, Sample: file.exe, Startdate: 05/09/2024, Architecture: WINDOWS, Score: 68)

Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs | |
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx | false | Avira URL Cloud: safe | unknown
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 00000004.00000003.1867460455.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367612253.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822109838.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120676541.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367849067.00000206F35B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2912356908.00000179C7ACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2910641989.000001D9A71FA000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.4.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://ocsp.rootca1.amazontrust.com0:firefox.exe, 00000004.00000003.1817937865.00000206F99D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2055697140.00000206F99D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-1.corp.google.com/manifest.json.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://excel.new?from=EdgeM365Shorelineb06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.youtube.com/firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120236595.00000206F4D67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022300324.00000206F4D6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-5.corp.google.com/manifest.json.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.carterandcone.comlfirefox.exe, 00000004.00000003.2399506352.00000206F9358000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://127.0.0.1:firefox.exe, 00000004.00000003.2058345777.00000206F77B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bugzilla.mofirefox.exe, 00000004.00000003.1866407131.00000206F4D5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1770278782.00000206F9B10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D5E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://mitmdetection.services.mozilla.com/firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://amazon.comfirefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chromewebstore.google.com/manifest.json0.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-preprod.corp.google.com/manifest.json.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chrome.google.com/webstore/manifest.json0.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://spocs.getpocket.com/firefox.exe, 00000004.00000003.2064190371.00000206F4D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1822462427.00000206F4D12000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bard.google.com/b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.office.comb06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/0/b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000004.00000003.2064190371.00000206F4D2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000004.00000003.2058586076.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821916807.00000206F5FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1865477894.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2021631248.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://tidal.com/b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://monitor.firefox.com/aboutfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://mozilla.org/MPL/2.0/.firefox.exe, 00000004.00000003.1846616598.000002090003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1734161859.00000206F7DF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1731898399.00000206F80F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1755539660.00000206FA557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1757739900.00000206FA86A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2063731820.00000206F7ECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1760426185.00000206FA44C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1757739900.00000206FA814000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821807783.00000206F766C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1816353848.00000206FA86A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1820571146.00000206F7ECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1732677716.00000206F81D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1819680302.00000206FA44C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1733457649.00000206F81D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2051949260.00000206FA44C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1859459931.00000206F81D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367472405.00000206F767B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367015473.00000206FA557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2347823446.00000206F767B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000004.00000003.2052818082.00000206F767B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1802703031.00000206F7DEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.openh264.org/firefox.exe, 00000004.00000003.2022886797.00000206F36D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1867344431.00000206F36D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2120583606.00000206F36D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367644561.00000206F36BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://gaana.com/b06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://login.microsoftonline.comfirefox.exe, 00000004.00000003.1816028620.00000206FA8C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1757739900.00000206FA8C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://coverage.mozilla.orgfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000004.00000003.2067197384.00000206F8B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.4.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://x1.c.lencr.org/0firefox.exe, 00000004.00000003.1817937865.00000206F99D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2055697140.00000206F99D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://x1.i.lencr.org/0firefox.exe, 00000004.00000003.1817937865.00000206F99D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2055697140.00000206F99D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/compose?isExtension=trueb06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://blocked.cdn.mozilla.net/firefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 00000004.00000003.2120583606.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2022886797.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2367644561.00000206F36BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1867344431.00000206F36BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://exslt.org/dates-and-times$firefox.exe, 00000004.00000003.2120676541.00000206F3581000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2368060345.00000206F3581000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1867612362.00000206F3581000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=trueb06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://profiler.firefox.comfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000004.00000003.1865436417.00000206F5FC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2058586076.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821916807.00000206F5FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2020415724.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1812975621.00000206F5739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1725806878.00000206F572C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1723267277.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1726116575.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2021631248.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://latest.web.skype.com/?browsername=edge_canary_shorelineb06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://word.new?from=EdgeM365Shorelineb06f37cc-bfd1-493f-a0ff-38accf0cc911.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000C.00000002.2910741166.00000179C7580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2910262204.000001D9A6FB0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 00000004.00000003.1865436417.00000206F5FC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2058586076.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1821916807.00000206F5FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2020415724.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1812975621.00000206F5739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1725806878.00000206F572C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1723267277.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.1726116575.00000206F5733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000004.00000003.2021631248.00000206F5FB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                  IP
                                  192.168.2.4
                                  127.0.0.1
                                  Joe Sandbox version: 40.0.0 Tourmaline
                                  Analysis ID: 1505174
                                  Start date and time: 2024-09-05 21:13:09 +02:00
                                  Joe Sandbox product: CloudBasic
                                  Overall analysis duration: 0h 6m 42s
                                  Hypervisor based Inspection enabled: false
                                  Report type: full
                                  Cookbook file name: default.jbs
                                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed: 27
                                  Number of new started drivers analysed: 0
                                  Number of existing processes analysed: 0
                                  Number of existing drivers analysed: 0
                                  Number of injected processes analysed: 0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode: default
                                  Analysis stop reason: Timeout
                                  Sample name: file.exe
                                  Detection: MAL
                                  Classification: mal68.evad.winEXE@72/333@30/23
                                  EGA Information:
                                  • Successful, ratio: 66.7%
                                  HCA Information:
                                  • Successful, ratio: 96%
                                  • Number of executed functions: 36
                                  • Number of non-executed functions: 309
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted)
                                  • Excluded domains from analysis (whitelisted)
                                  • Not all processes were analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtCreateFile calls found.
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: file.exe
                                  Time      Type       Description
                                  20:14:08  Autostart  Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                  20:14:17  Autostart  Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):6439
                                                                                              Entropy (8bit):5.14569047398886
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:5ojMXuIbcbhbVbTbfbRbObtbyEzn/nSrDtTJdB:qYLcNhnzFSJ5nSrDhJdB
                                                                                              MD5:73866CD2C0DB347102009E023A569F5C
                                                                                              SHA1:D18FB4FF6DF5615482402FD977E35C1295D40E3B
                                                                                              SHA-256:909C621D14D44F159D90D8166DC907F77C5F5CE3B7916AA066F9C646541A196F
                                                                                              SHA-512:131DC878845BEBBF3CC01F8427C8BA61C55877E6CA004C83DB8B1AEEA15408921BCF6D75878ED40AC8C16B335B4D586C5F85D59247CD82A21BFD4E434D3C2A9F
                                                                                              Malicious:false
                                                                                              Preview:{"type":"uninstall","id":"967b90b8-025f-4976-a884-396221bb5f37","creationDate":"2024-09-05T20:15:24.585Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):6820
                                                                                              Entropy (8bit):5.793604952627965
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:iaqkHfk375ih/cI9URLl8RotoV/MFVvlwhmxe4IbONIeTC6XQS0qGqk+Z4uj+rj1:akM3ceiRUuh+6qRAq1k8SPxVLZ7VTiq
                                                                                              MD5:CED04E25B71C9CB84A380C7C3A5D24F1
                                                                                              SHA1:9D05E51F39D71B017613C08C060F8FC5D924D83F
                                                                                              SHA-256:2445E4667419C7BBF6B0E10C66669B7F38A80AC8172651902154BE512807F9F4
                                                                                              SHA-512:FCF40AD0723AFD413CF65FCDBC4B984C52815344AFD17CD8404D97986A377FB56BF1D90DB1FE84E3DF06FCDEC330E3271BBCEEA0B1F13827C28DD83669C96AEB
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABjblzMr4mcQJlvjq0Yk1MqEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAyKsix2qW8EZjELCBDNtAcJUryfu4IwENiWbGm1K7d+AAAAAA
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):25103
                                                                                              Entropy (8bit):6.030445510079756
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:iMGQ7FCYXGIgtDAWtJ4zkJ6uy8HA0S3xXNo:iMGQ5XMBIkNzMXNo
                                                                                              MD5:759D780574ACD1AA42C55D24CC6CA792
                                                                                              SHA1:047678515DCA3149A1500A6E44BA74E9D343A83C
                                                                                              SHA-256:A3A716FA473FF1B105CC44C78E8193D506963F68E138CD91084BDE0CB97E555D
                                                                                              SHA-512:344D9AD4D267A73B48C650C2A3FF724769FF90C6CC0EC55D4A2A6FF7E0909AD117EBA77F1084654CFB3CA4E1D1B920B1AB1937B9E6E867B86270D09417F7E71E
                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370037239977610","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):25052
                                                                                              Entropy (8bit):6.031271632045844
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:iMGQ7FCYXGIgtDAWtJ4z1J6uyaHA0S3xXNo:iMGQ5XMBI1NhMXNo
                                                                                              MD5:F2A6BDEE68C3D3E7F7ECEA05CFA5584D
                                                                                              SHA1:E8FD65726EC79267674BA70AFDA453D493FE2AE3
                                                                                              SHA-256:CD195765166858734934BE3DBCC91F134D1EF05650C822448EF32E3E8B64F831
                                                                                              SHA-512:E40046BF17A87924BDC55B45246B9710378EDE1B88EF42276156C6D17B59E1F3F0A8B9B28EE27F950428F18875889E673EB3292417B29C58437C0DFE0538A87B
                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370037239977610","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):23966
                                                                                              Entropy (8bit):6.049670066247618
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:utMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhzzfWOP6QxAhQSDTx5JkjrKyqOM:iMGQ7FCYXGIgtDAWtJ4n1J6QJxAhQS3f
                                                                                              MD5:729BE6C8A7FC2080C79FCCADBCBA8BA7
                                                                                              SHA1:A14831CBF4A24C4D3C025FBD946DD41450C862AD
                                                                                              SHA-256:D0517891B5533B2822B41171DD6F6F7C54052CA253C613B04A1E661B35E235F9
                                                                                              SHA-512:3504B3633EE007696AB43B4CC05E53809D0ECE7BD0FEF5B07481E8B872473AF52F6E133BD1C6224CD6FD25736F76C89219728ACD609648F0C3EE86DC8BCF9F30
                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370037239977610","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):8090
                                                                                              Entropy (8bit):5.810952266640586
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:asNAM3heiRUxHQZlkAV6qRAq1k8SPxVLZ7VTiq:asNAixQwZ2AV6q3QxVNZTiq
                                                                                              MD5:2135837F432254C3AC057D4673E29D04
                                                                                              SHA1:A30AE56697051C67B6220EB9652F7C7F4AD51608
                                                                                              SHA-256:E69BDF4BADF8B6A6E2714C4740C8AB5114014CBFF8EEA445E58F7CE9529098AF
                                                                                              SHA-512:A13C170675A2325FF00B9DB1D4D40B530D88FECE56F0545A89595524FB578695ED12A4C6D8007075B8ED7311EAD8EEDB8A16332E573EB5D98F6E565FEC09ED7F
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):25052
                                                                                              Entropy (8bit):6.031251383946469
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:iMGQ7FCYXGIgtDAWtJ4z1J6uy8HA0S3xXNo:iMGQ5XMBI1NzMXNo
                                                                                              MD5:C5F6C376D8B9B49247E2E09ECFD2F202
                                                                                              SHA1:459FFF871A8726E6ED51F4C2926B919E0C2EDD48
                                                                                              SHA-256:C682472BBA10E55EDA04E92C6AF383FD0FF171A493B9DD178C2602901D7090E6
                                                                                              SHA-512:3AC311F8EBCE9F8B2AF9B72B93D80FCDFAC25EC4B7A007700D254C7CAAAA72E212083BBF731DAC9F46FFFDD79BBCA75FD715EE4241ED7C84D1147642139830BB
                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370037239977610","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):23966
                                                                                              Entropy (8bit):6.049670066247618
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:utMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhzzfWOP6QxAhQSDTx5JkjrKyqOM:iMGQ7FCYXGIgtDAWtJ4n1J6QJxAhQS3f
                                                                                              MD5:729BE6C8A7FC2080C79FCCADBCBA8BA7
                                                                                              SHA1:A14831CBF4A24C4D3C025FBD946DD41450C862AD
                                                                                              SHA-256:D0517891B5533B2822B41171DD6F6F7C54052CA253C613B04A1E661B35E235F9
                                                                                              SHA-512:3504B3633EE007696AB43B4CC05E53809D0ECE7BD0FEF5B07481E8B872473AF52F6E133BD1C6224CD6FD25736F76C89219728ACD609648F0C3EE86DC8BCF9F30
                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370037239977610","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):107893
                                                                                              Entropy (8bit):4.640149995732079
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                                              MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                                              SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                                              SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                                              SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3::
                                                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3::
                                                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.039948721186483856
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:qO01utmqvDDKX7qJvyqlBqfr3nXgXXwOD5BhA/wNEvdrRQMQsNin8y08Tcm2RGOD:n0EtjSQfh5It9Ni08T2RGOD
                                                                                              MD5:E926E484404A11E85E71A79C8E0E6805
                                                                                              SHA1:3DE5FC53F9331876B59D1B361531994D337A32C8
                                                                                              SHA-256:85C661A32D5AE7CEF2FF29B5DB83978BC8FDC8B219445DD95694E2226EAD2782
                                                                                              SHA-512:F01287216F1C75CEA3588E38BB05C479EDB575C839DF55A26E0CACEBF12AF696E89B08B5EC67879D8B4935881F466AC9A0E7B6ABEEA4D3E379439D819D96B35B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.46872651437453094
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:xADlg0izAmlPaH6wjwzd2X6AqIpzaHCT:0BmlCrh+
                                                                                              MD5:F22F29E6AD3A7B7C9FB6B3AAAF44E0EA
                                                                                              SHA1:5BC89AE1C11ED3FC718DC1E090E36467280994B8
                                                                                              SHA-256:353742143CB48F45A0897B70301D75DBFB0BF1E39034CEB5D21714D93D4B79DC
                                                                                              SHA-512:18F2F4EC639E0C3590300C1CBD224CE565B66A8A5BB943322D29128F89F58753F59EB6B54EDDF14E0D2FBF5C6749090834A751CE30CEA1A9582D037174B1EE57
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.04076728245255918
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:Cy0EbtmqvDtKX7CJEa3XxxTxqZ/g+XYT970R6Eqh57NgGnG1gQMjwR0fgn8y08TQ:f0EtNeK8YnRFhxFCgvOn08T2RGOD
                                                                                              MD5:8E046BD0ABD9E1D6BF6BAFDE7173BD69
                                                                                              SHA1:3D210F14F405F2F21219C9DA73FE9ADD56E29CB7
                                                                                              SHA-256:83716172EE62D2D5CAF836122D282B0738EE69D6350B52B48F60D49EEA1891FB
                                                                                              SHA-512:8E7B6965B6980E7EA38CB0B26B649BB26040699E01D71EC7F70574566E65FC8A99EB7CACB55D0AF7205E7159FC4BAFCC8D6B5FC8458DE4B9CC090959E875D636
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.039906917881671986
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:2E0EbtmqvD3KX7tJEa3Xxx7uqZGXPtg34khhhBNETMO1gQpe8P657En8y08Tcm2D:Z0Etke18xphBRagw3P+Y08T2RGOD
                                                                                              MD5:659B15A8141CFF0A06BC0EC43034404F
                                                                                              SHA1:F865C68746D24F367C53D95499AA26C12FC20D70
                                                                                              SHA-256:65F2D344158ED4BEDB4E7BD7CF255B4309B68E3F7DF5BB61A0362775EC245C0C
                                                                                              SHA-512:6C310FCD197A7D8BC022838E16EF7A8E0E8585C36436EF6EA969BFCA2401705535942D920FF1FB7D50C2851966470789CE4416185CDD9B772DBD76E0C1F181C5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):16384
                                                                                              Entropy (8bit):0.3553968406659012
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                                              MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                                              SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                                              SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                                              SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):280
                                                                                              Entropy (8bit):3.060980776278344
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                                              MD5:74B32A83C9311607EB525C6E23854EE0
                                                                                              SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                                              SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                                              SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                                              Malicious:false
                                                                                              Preview:sdPC......................5.y&.K.?....................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):34462
                                                                                              Entropy (8bit):5.558329583896837
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:yImkJFWPm8fXY8F1+UoAYDCx9Tuqh0VfUC9xbog/OVRipX6rwO7/KDdKphtux:yImkJFWPm8fXYu1jaEoX/O7/I0ty
                                                                                              MD5:1E0A01CD81E3BC0F07F63B375F6A948F
                                                                                              SHA1:0F2C57ACB90C17CA23C2DE0214C99C99789D39EA
                                                                                              SHA-256:822BF282B2E3A6D7CD443ADE135AA3467F16FBAF19E8BA1E8DA4A20911473FBC
                                                                                              SHA-512:F6B8EC6BD8F74E95AACF45FE53DBA5DE4255325E94F5C01000AAA6E5A7D540C39122B20EEA1AC1DD1C4276A1EA4703EBFEF61A2F5DB20F3E68D06516C192C4FB
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370037239055276","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370037239055276","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13688
                                                                                              Entropy (8bit):5.233191344972174
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVQJ9pQTryZiuaba4uyPJRJumNF8VhBiZrYP3R85pj+F9PQAX5c1f:sVQLAJucJRJuYFehBiZ9pUVQYM
                                                                                              MD5:0E99C4BF8A59EAB2777E8CB2C54AEC42
                                                                                              SHA1:9917DF2FD716E94E7B9132C2C7A394EA0C21008C
                                                                                              SHA-256:B3E359F4DC5559466E014327FD8686C240EF11EC6EFBF48AB37300F8FFF07136
                                                                                              SHA-512:FFEB31A501A7A7FEC23DD552943DDD3D7B0434A61174358B11658F678DA89F247EC023755A60EA6A4F0CDB54DE3E700D511DDC73CE7544854838BB9CFA2A3F98
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370037239797867","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13579
                                                                                              Entropy (8bit):5.234667658483653
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVQJ9pQTryZiuaba4uyPJRJumNF8VhBiZrYP3R85pj+F9PQAw5c1f:sVQLAJucJRJuYFehBiZ9pUVQ9M
                                                                                              MD5:BFA8E69A668B84108FF574F8AD51B6C9
                                                                                              SHA1:168356F089E0BEB5A589D0BE15B1B4FDBA8A8780
                                                                                              SHA-256:264FA811C1B489BBEE5D8DD7E95F4B441231F1BFAD5DE7701E7F9FEB9019A037
                                                                                              SHA-512:EE8E639046D983179F28C9157E3CE5EBF7CFB111008C7327ABE62DB8F68BB7232C669E6011361699D037F3304624CC54BA3A00D47484CEED3979C1FE41BC2794
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370037239797867","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12924
                                                                                              Entropy (8bit):5.159839332704129
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVQJ9pQTryZiuaba4uyPJRJumNF8Vh1YP3R85pj+F9PQAn5c1f:sVQLAJucJRJuYFeh7pUVQ6M
                                                                                              MD5:3377D6EE5F03059500C3EA37B432AF31
                                                                                              SHA1:6D5972CE7CEAFD661CE52342612E03817C1CDE6D
                                                                                              SHA-256:E6AC59414A1C0494FE9D29B8274084E30835B28982FA7552016A41F5CB52DB46
                                                                                              SHA-512:3D78B3D69B9DA822EFA2244FC2903FBD1E5C2758FD58E07D98D87D9F6B0842461295C0E544BF235D8B896599F734DA74BBFD08125DD6542ACA1D4A0A7E9976F9
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370037239797867","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):1695826
                                                                                              Entropy (8bit):5.041140103094484
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:tPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:tPfZ/mS5
                                                                                              MD5:A328CA63B75102ECB716C6023A74DF9E
                                                                                              SHA1:B94AB2DB77A1CF95F8AFD0CD4F14DCC069E5A33F
                                                                                              SHA-256:D7D57BBDBDFD19773A16DD5EBE3C34F6304226FDB5A4799FD5B0E81141DE8596
                                                                                              SHA-512:19E43AA7839F7C0FC6F593751D1642DE6BA55ADA1640C2270BDD95AA175044FD484AD1C47C0E328545BFC2A9CAAE1E1236F3C20B480019EFBAB71CE2BD921EE8
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1.t...................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13370037245661484.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}].....................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13370037245662687.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):293
                                                                                              Entropy (8bit):5.1222018900555275
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PnRFXCD1wkn23oH+Tcwt9Eh1ZB2KLllnPWmt+q2Pwkn23oH+Tcwt9Eh1tIFUv:PnRbfYeb9Eh1ZFLnnPWmovYfYeb9Eh1b
                                                                                              MD5:A315F91C51BEC60926C5C721D20DD465
                                                                                              SHA1:AF1AFEC80B7FE2B2E0726425956062EE58DF0195
                                                                                              SHA-256:E472AD9C88C965429C4AB1530463F610CEBDB61F18C66B0E66F61CE62E5A2933
                                                                                              SHA-512:9108D6DBF3887CA67BDC7B661884ACA6C8A9EE47329D890ED3D4D27ABBDDBF8923F10E361EA5D84D264CE62914FEE7AD273FA091C6D6D9A841D6376439010A9A
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:03.630 21f8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/05-15:14:04.344 21f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):12288
                                                                                              Entropy (8bit):0.3202460253800455
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                              MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                              SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                              SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                              SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):0.45822309127965904
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfB:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                              MD5:67B00E2F54602633BCDF1311C07F4851
                                                                                              SHA1:297360ACC5344CE47EB5429A903029C30DE2B405
                                                                                              SHA-256:E8033FD028322EECD86ADC0FBE13FA823FD4F8A93090725B3B509C9390386536
                                                                                              SHA-512:6421C1CCFF222FA6A6766D64685B04E429F1990265074AB20E3A222A6ECB4E928755721FAD5D3CC2893CEB83331E291A5717389C7C2FEA5A9A19E443DE805E9A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNl5dZll/:Ls3DZll/
                                                                                              MD5:0D956A92EE3500D08D64D518460A3779
                                                                                              SHA1:25B8F4FC6BE7E548E49E0AF22C3D21EEDB47CE28
                                                                                              SHA-256:C8A0D4B4FEB2A4EE8B36BE02737E29FFB786CF9378ED9497A354BEAFDB7635B2
                                                                                              SHA-512:58CD7811B44AAA3D38C253F7CB4F975040C13954E3E63716582DD6B3A3367432131BD110CC3FF8DE031D6A9DFDDE62D47C555B570F9C13C3816E75E94E4156DD
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):33
                                                                                              Entropy (8bit):3.5394429593752084
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):305
                                                                                              Entropy (8bit):5.213326976136306
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PN1FD1wkn23oH+TcwtnG2tbB2KLll/4Vjyq2Pwkn23oH+TcwtnG2tMsIFUv:PhyfYebn9VFLngAvYfYebn9GFUv
                                                                                              MD5:5CF469358C45014A48FB90A1952A818D
                                                                                              SHA1:B7A11C568FE0C5F29E956DC19C76CB7AE7D21533
                                                                                              SHA-256:BF91298A5AB621F6637E926DC74A871515A9CB8EF8976480398DE53C63A36D78
                                                                                              SHA-512:02EDC2CCBC87B7D6BAB79C8D3BF4177049EC9BCACB3819DBB04AC62224890D043705C7080A7AFB1BBAA693B7CD22B303BD7D0A05C2EA305E27741A1AD7D8DF01
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.169 1c50 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/05-15:13:59.177 1c50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.494709561094235
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                              MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                              SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                              SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                              SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.6137531942555818
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLqpR+DDNzWjJ0npnyXKUO8+jeLPpA7mL:Te8D4jJ/6Up+q
                                                                                              MD5:3F941431DDDA926B60331499F32EF0D5
                                                                                              SHA1:0793BEAC3CCD100C6C51AD1B9EB1F4B6D622B80B
                                                                                              SHA-256:BE37D7551824C684D5C9AD01388060C242CE3D08A35EB7904E75EDCE515866AC
                                                                                              SHA-512:9A9584C34EBDD68EB094DAE0CB61DEF36A9206149440DE3FCFFEF3ADAFE89ADA1DCA68FC561D6311504B17647B0B0D07F1683EFB406F2DBED109A8D8A57CDD16
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):375520
                                                                                              Entropy (8bit):5.354112056197904
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:VA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:VFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                              MD5:DC8F30B6DD18068B1F5E001E37B7E7F5
                                                                                              SHA1:087EB1F7745B5C4E4845A0417517E62A67EDD9D8
                                                                                              SHA-256:154D235554820AA6BE75FBC9ADF64D13A059C697696C932767FC92DBB48366E8
                                                                                              SHA-512:69622D9ADE22EF45D88FE180576429578640D25F962CA952946AC0892E1F7ACAA63C019CC932C4A07466B7F4D33F4B70894BF369C42BAEA417E67F22A52A1023
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1R.F.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370037245907890..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):309
                                                                                              Entropy (8bit):5.1922049876525955
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PnPQVHEmhq1wkn23oH+Tcwtk2WwnvB2KLllnPE9+q2Pwkn23oH+Tcwtk2WwnvIF2:PnPyE0fYebkxwnvFLnnPzvYfYebkxwnp
                                                                                              MD5:65C807BC0DB1C5F5C151BDF7096E7F62
                                                                                              SHA1:6D6EA383500EA5B811425D6A5F06015D76B1BAF0
                                                                                              SHA-256:B228130D76001FC2C3FEAE39F32EF82FB1EED97C04A071A2B6594026EAD3D90C
                                                                                              SHA-512:7875B2DE1F4643F2EA2BDA25C6C80F48C3940792B611048FEFB2618653E6049E17460A120E2917C7AD342F663625EB45181CED2A922EEBE37E68BB532E6E23CF
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:04.322 2218 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/05-15:14:04.356 2218 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):358860
                                                                                              Entropy (8bit):5.32461525024963
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RK:C1gAg1zfvS
                                                                                              MD5:E57740DBECD668A1FB22DA89EDB35B5D
                                                                                              SHA1:2832386839B7A83EAFCA5DB2EC63D086BD5942BB
                                                                                              SHA-256:6E06F91B4989E303BC96E85174D146AF0BAB1F9B64FB9F52CBFFD7CAD0553AEA
                                                                                              SHA-512:935F6146B8DD652C5D4922ADAA651977BF6BC3A4603B49C1EBD0CD29FD1DF8F6920A50B58D2939118CAD0E02DADD3501F02B1B4D0908F60E7C65A9883A5F1330
                                                                                              Malicious:false
                                                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):209
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                              MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                              SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                              SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                              SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):281
                                                                                              Entropy (8bit):5.177794880796964
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PxoD1wkn23oH+Tcwt8aVdg2KLllTudyq2Pwkn23oH+Tcwt8aPrqIFUv:PxoyfYeb0LnTXvYfYebL3FUv
                                                                                              MD5:61039C1D68052958FEA4F91936CE865D
                                                                                              SHA1:47B8B43A08795FF6622299EC2E7D272F4D00EBF8
                                                                                              SHA-256:B652CEAD78C2510FA14680265D9586A658BA07CEF9876E830B529C1067C0582F
                                                                                              SHA-512:6DA19941C2963CF11819AE447F685EB1A67D6F413150373C3335C14D41B35959707E2DBC4D3118BCFFD13729074CBC328E23D88019C1671AAC79377EAC12A84A
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.179 1c50 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/05-15:13:59.188 1c50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):209
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                              MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                              SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                              SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                              SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                              Malicious:false
                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):285
                                                                                              Entropy (8bit):5.128528637909757
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PB1wkn23oH+Tcwt86FB2KLllIRelyq2Pwkn23oH+Tcwt865IFUv:PkfYeb/FFLnIdvYfYeb/WFUv
                                                                                              MD5:C4923C216A14F0402D36B6748040D5D0
                                                                                              SHA1:BB9241DBD27B7A7BE099DD0E6613C0DBF7ED9AC0
                                                                                              SHA-256:80650913C12DA801B0C25C56F27E9FA9FFE4F168076BC79F8CD41D637FB7FB9A
                                                                                              SHA-512:3328BD08B5031A99BD125C53ADF97D63E74FD26643AF3F8E1D8BDC611E2758E65A02F35C6F4AE84AF34BCC0705AF416E04DF28B19C33A11FBE1A0F365FF75650
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.190 1c50 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/05-15:13:59.204 1c50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):1197
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                              MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                                              SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                                              SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                                              SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):322
                                                                                              Entropy (8bit):5.183864319242531
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PnDSFN+q2Pwkn23oH+Tcwt8NIFUt82nDIsXZmw+2nDAVkwOwkn23oH+Tcwt8+eLJ:PnDhvYfYebpFUt82nDI4/+2nDY5JfYey
                                                                                              MD5:23CD7F5DEACB28BB81FC0586C49F197F
                                                                                              SHA1:41FF050F30AE9CB880A40AF9938101447A4EEF29
                                                                                              SHA-256:810F0C468173931888627113309046A3704859789E1445AA4C6516F3A311647F
                                                                                              SHA-512:78E4B8C472DEB7F28F350205200E16C882035C776403B88F1EAFFBE16C89AAA5BDCB72A2D0E3C2BF2769E1C15738879D612DDE89C0353C150E9C2DD8E02285C2
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:00.060 1c78 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-15:14:00.063 1c78 Recovering log #3.2024/09/05-15:14:00.064 1c78 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):4096
                                                                                              Entropy (8bit):0.3169096321222068
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                              MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                              SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                              SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                              SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.40981274649195937
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                              MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                              SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                              SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                              SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):429
                                                                                              Entropy (8bit):5.809210454117189
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                              Malicious:false
                                                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):2.446918242581471
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:0BCyvkDW7QmWelS9nsH4/Aztc8uuoKwxD57Qj:mNvkxmCsHXzC8Po1xaj
                                                                                              MD5:F950DDCC199F17EE09E48B0B99AA3758
                                                                                              SHA1:EA6575B318B79A2428755E4A289635652BF66D3B
                                                                                              SHA-256:D6F69C13B280C7AD0F51CF55D36F2FB12186B2B9BED0E6F7F2E4A2F2AB4D48E3
                                                                                              SHA-512:2656B8411AD38CBA922F7A4B59739623A9A0E46DAFB38C2A44E878202C6CBE394D7224ACB8CED59B6F1DBE19C7DADDC05EC7B1FB025DA4354D3E0BBA72987011
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):159744
                                                                                              Entropy (8bit):0.6469087939641718
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:aDx7QOwgYMJU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNCxDu7Q:ayLgQ+GPXBBE3upb0HtTTDxVjEp
                                                                                              MD5:FAA05C3C3C8381049E3BCB2F6F4EDEF5
                                                                                              SHA1:F1C78B6813890D7B41758844D8ED85D41D3F5786
                                                                                              SHA-256:228B671909D5E4A1911D6D8ECA13137D63DDFFEB25DC6F9FF51FE4B5EAC329D6
                                                                                              SHA-512:3C85566D987CB2A963AC4CA2D5DD3054D81731EC80D11665C33EE75F8D114527C344DD149F07B3E126782698701FD4A9DF9D195B8751C575AD065B29DA26E7A2
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8720
                                                                                              Entropy (8bit):0.32761642864732426
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:Y5iA/J3+t76Y4QZZofU99pO0BY4tqR4EZY4QZvG25:Y5hHQws9LdIBQZGQ
                                                                                              MD5:31D512E8876240A73EED773007C0395B
                                                                                              SHA1:10552FDBBE007A930F723D6679C515F2D8DD1076
                                                                                              SHA-256:0B9A1591D33223381ABAF7AA74327389E3EA138A57EAE0756531A0F8BBEA93A5
                                                                                              SHA-512:BFBB41D25EFFA4131741BEA609FEC017A60A2BFBB608AAB623FD0320EE172D887DC6B305535983EF485657B1C98F91964E354F7A7FF6FF979B25F00A1D06F75A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):115717
                                                                                              Entropy (8bit):5.183660917461099
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                              Malicious:false
                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                              Category:dropped
                                                                                              Size (bytes):45056
                                                                                              Entropy (8bit):3.548627300464541
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:zj9P01kK773pLJcrQkQerYhiP/KbtPCgam6IWRKToaAu:zdO97Yre2YEP/WFmRKcC
                                                                                              MD5:B82860DC5A4772DF0C35710044F23B65
                                                                                              SHA1:071D695F08C088B798A4C1A734DAB1C29F9D0367
                                                                                              SHA-256:7A83844AFEB8A80AC87597172B93D5D9F5F2EC71F07083E23F6F848C1E07BCB5
                                                                                              SHA-512:2E1C629F0546D7F6CADF634F42ADE8483A455EFBDBF2704EEAE02A6BA229AE5676DDDCD36EE853B3E5E63BA34F2E393E09C962354B425D3826994F5C1058665C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):406
                                                                                              Entropy (8bit):5.284348377346904
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:Pn80vYfYeb8rcHEZrELFUt82n1/+2n15JfYeb8rcHEZrEZSJ:P8+YfYeb8nZrExg8qxnJfYeb8nZrEZe
                                                                                              MD5:1B8A17480D252019D7DE24EB30537A51
                                                                                              SHA1:1C9E25E33748D245A3E5037229F4394A72C33EA2
                                                                                              SHA-256:703CC9C93BC691E1F5AE73F69197B30C186755D2A291D6A99520BE950261AEF8
                                                                                              SHA-512:7B76BC388CE26E11F722B3FD184975F420FE48F4E950710351BB68291ED5DD514C50B6633CBB14DE4F78BA2F41B2179FA689A568B09C27BBF285C6E4D3550C9D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:01.087 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-15:14:01.213 1ff8 Recovering log #3.2024/09/05-15:14:01.237 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):406
                                                                                              Entropy (8bit):5.284348377346904
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:Pn80vYfYeb8rcHEZrELFUt82n1/+2n15JfYeb8rcHEZrEZSJ:P8+YfYeb8nZrExg8qxnJfYeb8nZrEZe
                                                                                              MD5:1B8A17480D252019D7DE24EB30537A51
                                                                                              SHA1:1C9E25E33748D245A3E5037229F4394A72C33EA2
                                                                                              SHA-256:703CC9C93BC691E1F5AE73F69197B30C186755D2A291D6A99520BE950261AEF8
                                                                                              SHA-512:7B76BC388CE26E11F722B3FD184975F420FE48F4E950710351BB68291ED5DD514C50B6633CBB14DE4F78BA2F41B2179FA689A568B09C27BBF285C6E4D3550C9D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:01.087 1ff8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-15:14:01.213 1ff8 Recovering log #3.2024/09/05-15:14:01.237 1ff8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):334
                                                                                              Entropy (8bit):5.215597125651232
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:Pe5Q+q2Pwkn23oH+Tcwt8a2jMGIFUt82tgZmw+2wkQVkwOwkn23oH+Tcwt8a2jM4:P7+vYfYeb8EFUt82q/+2wRV5JfYeb8bJ
                                                                                              MD5:358E8FA55AEBD4E9422E5A2C77E851FF
                                                                                              SHA1:F40568BC55B1D1E4EEAD1F9C766C0AC046BAF82F
                                                                                              SHA-256:0A37D07229430A63B9E148BA244AEC06741A186CF8E98224E48D00A50BBE8C2B
                                                                                              SHA-512:8F6A9E23F75CE7E3CE26F2FE83E8A3F948AC34B8EC632EC2FE137A015708F247F0ACB3DB424142412DE74081DEEA313EA30C83C170FD5A8FDCE41C818A4A9842
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.857 132c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-15:13:59.858 132c Recovering log #3.2024/09/05-15:13:59.861 132c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):334
                                                                                              Entropy (8bit):5.215597125651232
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:Pe5Q+q2Pwkn23oH+Tcwt8a2jMGIFUt82tgZmw+2wkQVkwOwkn23oH+Tcwt8a2jM4:P7+vYfYeb8EFUt82q/+2wRV5JfYeb8bJ
                                                                                              MD5:358E8FA55AEBD4E9422E5A2C77E851FF
                                                                                              SHA1:F40568BC55B1D1E4EEAD1F9C766C0AC046BAF82F
                                                                                              SHA-256:0A37D07229430A63B9E148BA244AEC06741A186CF8E98224E48D00A50BBE8C2B
                                                                                              SHA-512:8F6A9E23F75CE7E3CE26F2FE83E8A3F948AC34B8EC632EC2FE137A015708F247F0ACB3DB424142412DE74081DEEA313EA30C83C170FD5A8FDCE41C818A4A9842
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.857 132c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-15:13:59.858 132c Recovering log #3.2024/09/05-15:13:59.861 132c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):57344
                                                                                              Entropy (8bit):0.863060653641558
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                              MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                              SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                              SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                              SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):45056
                                                                                              Entropy (8bit):0.40293591932113104
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                              MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                              SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                              SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                              SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):354
                                                                                              Entropy (8bit):5.469049407311367
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQctSEBv31dB8wXwlmUUAnIMp5n1jHqSQ:YWyX5Sg9vt+UAnIQcttR7N+UAnIgQ
                                                                                              MD5:33BE6C6060DC76ACF725C91D1C1DDE69
                                                                                              SHA1:77C8B91678A691960CB5E4E541948B82B7A00A0F
                                                                                              SHA-256:09C07DD97D7223B913CA34F5CF865E67474B2CE32EA5DC9E7B4DF8AB8695DA7C
                                                                                              SHA-512:977094CB88A790B7D277E1256D5CF5B0DF1B2921B6DE37875D973DEC31D0DDCC0A0E0AE43BEBEDACB7D517F2FB8D47A640C9F6A13F67604871EA8980D7D2F601
                                                                                              Malicious:false
                                                                                              Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757099712.990416,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725563712.99042}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2303
                                                                                              Entropy (8bit):5.27064286590975
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YXsO8sZfcdsiC5sSgsSgnsOVrsV+H0sI+HTes0+HBbZ:2dWaqCVo404y4B1
                                                                                              MD5:0BBB7CB91646FB656139C7BFAF8BCE18
                                                                                              SHA1:FC42E154BC6A9BDEDDDE2ED442176E879EF7DF3B
                                                                                              SHA-256:66D0AC63215CFC93F521A5164B00E82CA6597AABDE537A915F81F64C16342AC4
                                                                                              SHA-512:731AF5A308FE1E9C55C12608984BAE75E983A2CCE75016C8857DBA4F542AA80F1E34E39CA37653F2BF4721CABE30D188027A19691945A5C780F9A226D81B95D3
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372629243719500","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372629245242858","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13370130846375957","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372629246699667","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpn
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):1.0801403137282817
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:T2dKLopF+SawLUO1Xj8BmLaSRyNUaqq2ynNIEfOFyPr:ige+AumsDZbr
                                                                                              MD5:6D22ABC020757DDE84234B4EFFE6F8EE
                                                                                              SHA1:28C9012F81EA202E857C5D9133B5EB0AA098D69B
                                                                                              SHA-256:790F8E6F517E3E76DC2AC18183DB15F79741A61C560D9423D125FFA349028217
                                                                                              SHA-512:B615B81156FB893B54B8457A5C81D4AF953DC4A167C21B46C559DEC4D0205F30F568009C83D4E317750332C2118D084C6AE0AC5AEC5A6BD5F6B470222B17383E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):61
                                                                                              Entropy (8bit):3.926136109079379
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                              MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                              SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                              SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                              SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):1.331348453412411
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:uIEumQv8m1ccnvS6ZDo2dQF2YQ9UZU1uRVkI:uIEumQv8m1ccnvS66282rUZUkd
                                                                                              MD5:2441A672291C7FF19FC90E69426033E3
                                                                                              SHA1:05A27A63D856EB4336FE446CEA96F0FC412357C4
                                                                                              SHA-256:8C5BB4E84DFBC60DE0A4737CB898EA20721B51A746702C0820A7AB338E2D0E61
                                                                                              SHA-512:9C884FA27CAB355C6F385EB1FA521B806244D534C95C2E6F91E574A0F2E3396956D9BFEB181819AA7B1320B3306C1ABD2D1E8DB6A2DA9CD3822C2ED959B0702B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):203
                                                                                              Entropy (8bit):5.4042796420747425
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                              MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                              SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                              SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                              SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                              Malicious:false
                                                                                              Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):0.36515621748816035
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):354
                                                                                              Entropy (8bit):5.476975957922044
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQctyBBv31dB8wXwlmUUAnIMp5ySQ:YWyX5Sg9vt+UAnIQctyBR7N+UAnIMQ
                                                                                              MD5:D52C9F4DB2C5E23427AC2B2076643265
                                                                                              SHA1:AB7268B28216C96701EC8C4E0F237AFFFC755DF0
                                                                                              SHA-256:CA300E9B3AC73AF084C2E0498CB0D6CA768E637B6F97A0AA624946B91146BE78
                                                                                              SHA-512:E18EBF43691E5CEBFD833622860551F431BF6C126D07ECA4BE49CF9084E317D3D7F89F6D5C9CB671127B431C09595F38C60D49B3E9C07CEFEDA7EB5CFFFF4E05
                                                                                              Malicious:false
                                                                                              Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757099652.40764,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725563652.407644}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):111
                                                                                              Entropy (8bit):4.718418993774295
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.5744102022039023
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                                                                              MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                                                                              SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                                                                              SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                                                                              SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12316
                                                                                              Entropy (8bit):5.068563366473481
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVQJ9pQTryZigaba4uyPJRJuaYP3R85pj+F9PQAn5c1f:sVQLA3ucJRJuGpUVQ6M
                                                                                              MD5:B2199707FFB121FEB89AAD5BBA1BD19B
                                                                                              SHA1:5161CAB26B2F42E5C6E26AC951242D40F55C5751
                                                                                              SHA-256:6A423B35914F065F1C62466553282563DF4968BFD69F90E943BAE765867E40F7
                                                                                              SHA-512:4928973B5BFC4558E0624DF7AED5823C511686D7E37603F39D2C34439A992680B00469D551CCD84507D2B46CBBCB9024AB5F653068DC8FD739A95D922545B6A0
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370037239797867","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):33
                                                                                              Entropy (8bit):4.051821770808046
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                              MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                              SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                              SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                              SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                              Malicious:false
                                                                                              Preview:{"preferred_apps":[],"version":1}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):34462
                                                                                              Entropy (8bit):5.558329583896837
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:yImkJFWPm8fXY8F1+UoAYDCx9Tuqh0VfUC9xbog/OVRipX6rwO7/KDdKphtux:yImkJFWPm8fXYu1jaEoX/O7/I0ty
                                                                                              MD5:1E0A01CD81E3BC0F07F63B375F6A948F
                                                                                              SHA1:0F2C57ACB90C17CA23C2DE0214C99C99789D39EA
                                                                                              SHA-256:822BF282B2E3A6D7CD443ADE135AA3467F16FBAF19E8BA1E8DA4A20911473FBC
                                                                                              SHA-512:F6B8EC6BD8F74E95AACF45FE53DBA5DE4255325E94F5C01000AAA6E5A7D540C39122B20EEA1AC1DD1C4276A1EA4703EBFEF61A2F5DB20F3E68D06516C192C4FB
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370037239055276","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370037239055276","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):364
                                                                                              Entropy (8bit):4.018063499631703
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:S85aEFljljljljljljllRll/laDER6JXBhJw+CA5EEE:S+a8ljljljljljljlXltUEQpy+CA
                                                                                              MD5:D869E277BF083BF99EA42AB1865E19BD
                                                                                              SHA1:C2FA4BFA7FB8BBA55998D09C4828F30C6775F4A5
                                                                                              SHA-256:394B7940A38140B2A443AFB92B6B451C88547A3C556514A99AF1879345CEE019
                                                                                              SHA-512:D66E126AAECA6889807DED930D753846C26EB3F8B8D167BE3C741275ED6F1E52034EC6F6610EEB02DE2ABD117C1788DF8D146F142A24C76B8B2FA114509FF96C
                                                                                              Malicious:false
                                                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f................/..j................next-map-id.1.Knamespace-80ca4042_da4a_4f19_9674_1cedbf85fcda-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):322
                                                                                              Entropy (8bit):5.143835594054952
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P2VueQ+q2Pwkn23oH+TcwtrQMxIFUt822XppgZmw+22BeQVkwOwkn23oH+Tcwtrb:Pn+vYfYebCFUt82wE/+2eDV5JfYebtJ
                                                                                              MD5:34EB8EC27D1339C22B2748C2FC3E68FC
                                                                                              SHA1:715CDC2E90C1E94BB3D34C678CE4A1F919FEA3BD
                                                                                              SHA-256:1185F0555E2CF4724B1DE362E2F4F4FC8CDE541AD67045F02B590F056B4161B2
                                                                                              SHA-512:DABEBFFC30A28CF5A4B6780E2486509E91E9610C18DCD846FE9CCE1A9C2001CF54E91A6CC8128C219564BFCEF6C428FBBA2B5E35E6FE9E20E7272183310B317A
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.800 132c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-15:13:59.802 132c Recovering log #3.2024/09/05-15:13:59.805 132c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):7469
                                                                                              Entropy (8bit):4.037129611020305
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:3snhQUxGlE3P5rvTSglI3P5rvTtCejhl3P5rvTkD:XE5r7NI5r7B5r7k
                                                                                              MD5:2BBC124BC873686D411C4812AE03F30C
                                                                                              SHA1:377F34240D39D79C26DAAC428D625271B022B789
                                                                                              SHA-256:10F81CFB0E47F2CB8264E8A975A7FE2AB9B87CB0FD11D44BFACE1ECED237CFE6
                                                                                              SHA-512:4004EA6034F6C5026A112098DA2960DCEF6C5AEBDEA7261CF2DE08447168A9FDA59D2148F7C4FDCC47BD3A3E30BB9D9F02242FE36C9638EEB2285DB012D4A9ED
                                                                                              Malicious:false
                                                                                              Preview:SNSS........"............"......"."............"........"........"........"....!..."................................"."1..,...."$...80ca4042_da4a_4f19_9674_1cedbf85fcda...."........".....x.........."...."........................"....................5..0...."&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}......"..........."........................"............"....>...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3obk9OPWcuWQsZYekXuhmaAVpweU_oL2PKNKHJuuYGg9vMw1dJEXBTsO7v82iCufyBU_Ca2qA&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519365463%3A1725563645742734&ddm=0......S.i.g.n. .i.n. .-. .G.o.o.g.l.e. .A.c.c.o.u.n.t.s...L...H...!...@...................................................................................................Y...d!..Z...d!..................................P...................................................>...h
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.44194574462308833
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):350
                                                                                              Entropy (8bit):5.139891500974555
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PDF4q2Pwkn23oH+Tcwt7Uh2ghZIFUt82KV3JZmw+2KV3DkwOwkn23oH+Tcwt7Uh9:PDGvYfYebIhHh2FUt82KVZ/+2KVz5Jf0
                                                                                              MD5:3343A600B5265ABD91E3CD6BA54D58D2
                                                                                              SHA1:73C4B26E257BCB1F3C67A5C4E556155EA8082FB2
                                                                                              SHA-256:2D4256D89274AC5D3DD3B6421B8400ED1E64DED22E182BD2EB230771F8FAE35E
                                                                                              SHA-512:145460081B2FAD755EFC105220A30359BF90C96E672356C0BFFD7253AA6635D2D292BDB7B17D7D1980CD1155BD041CAA34A1BA0C42D7811A4C5219F3AD557D23
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.111 1c80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-15:13:59.112 1c80 Recovering log #3.2024/09/05-15:13:59.112 1c80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):524656
                                                                                              Entropy (8bit):5.027445846313988E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsulEy+l/:Lslbl/
                                                                                              MD5:9474318345F2A153D804D5001637C012
                                                                                              SHA1:E5A8F18DE3C3DF44A0075C01F1ECFAFF80A56889
                                                                                              SHA-256:3BDE07DA84E5A4F6E8D05D6AA359E4D6840D35B5F5B6B51214544EC3B207179D
                                                                                              SHA-512:44770823089F31839970380E4A2D459D1C760B756CF709A76689DA1C32D618318515FA5E1BCE1DB2E6E906719C9A83B2639D14B5B52F7F5D1AB8C388AF9C02BB
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNl7WfR:Ls38R
                                                                                              MD5:A16B02CAC9ABF2EDE636C12935492044
                                                                                              SHA1:67103A0AA692FC411CDEE136A7E882DBC64F76D6
                                                                                              SHA-256:E285B73EA6B958763F8572D0BF6B2E244D505A7624674A69DFF27D5D08CCE8A4
                                                                                              SHA-512:B7B71767DCA72EF14FAC9B73087C2204B9644296C2A038A684D87F9E07AE5BB227A01E5740828D144FDA9E91262EA23663A1C119892BEE0683F8F3B73619764C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):432
                                                                                              Entropy (8bit):5.233058757942631
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PnDS+vYfYebvqBQFUt82nDyXE/+2nDyqV5JfYebvqBvJ:PDjYfYebvZg8qDysDysJfYebvk
                                                                                              MD5:0DC44684ADBC229E1ED7F8E96FDC45AB
                                                                                              SHA1:3C397EEBCBDC30671870FC1A11E4188425926DC7
                                                                                              SHA-256:88A93D7AE04B3E1C44D488AA5278C4D5218360C04F10AF596B8FBB6D59653C56
                                                                                              SHA-512:7163C6B2698517F245C5EF842A2189F4A10437BA82A8B8197959C01B0A8FE7C2C0FC6ABF7B0F30552E883DFA5C065F25DC0D31ED73A19CBBF8C4455EB725E9BB
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:00.282 132c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-15:14:00.412 132c Recovering log #3.2024/09/05-15:14:00.418 132c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):432
                                                                                              Entropy (8bit):5.233058757942631
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PnDS+vYfYebvqBQFUt82nDyXE/+2nDyqV5JfYebvqBvJ:PDjYfYebvZg8qDysDysJfYebvk
                                                                                              MD5:0DC44684ADBC229E1ED7F8E96FDC45AB
                                                                                              SHA1:3C397EEBCBDC30671870FC1A11E4188425926DC7
                                                                                              SHA-256:88A93D7AE04B3E1C44D488AA5278C4D5218360C04F10AF596B8FBB6D59653C56
                                                                                              SHA-512:7163C6B2698517F245C5EF842A2189F4A10437BA82A8B8197959C01B0A8FE7C2C0FC6ABF7B0F30552E883DFA5C065F25DC0D31ED73A19CBBF8C4455EB725E9BB
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:00.282 132c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-15:14:00.412 132c Recovering log #3.2024/09/05-15:14:00.418 132c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):193
                                                                                              Entropy (8bit):4.864047146590611
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                              MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                              SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                              SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                              SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):193
                                                                                              Entropy (8bit):4.864047146590611
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                              MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                              SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                              SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                              SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):193
                                                                                              Entropy (8bit):4.864047146590611
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                              MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                              SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                              SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                              SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):0.555790634850688
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                              MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                              SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                              SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                              SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):0.36515621748816035
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):111
                                                                                              Entropy (8bit):4.718418993774295
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):193
                                                                                              Entropy (8bit):4.864047146590611
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                              MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                              SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                              SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                              SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):80
                                                                                              Entropy (8bit):3.4921535629071894
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                              Malicious:false
                                                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):420
                                                                                              Entropy (8bit):5.248055065626618
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PnzUk+vYfYebvqBZFUt82nzU/+2nzQkV5JfYebvqBaJ:PzmYfYebvyg8qzszQOJfYebvL
                                                                                              MD5:D28A39BC600B8BEEA9F5821ACDCDC4AA
                                                                                              SHA1:0A8B3E76B43036AD5B2D9008E75FD564E8924658
                                                                                              SHA-256:BE8C147E2EEB80F8AC1C99CD35F9E1FE06F67615E6DBBEE58D201FD2FF601742
                                                                                              SHA-512:9BA2C2C27C499B1477388083FD12799F51B4512756E9BA10E430B9AF0211CFCD3C1B87DF6E0B4821D138F916CE0FCF1CD34220D9153F9ECF3247B49C01742BE7
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:16.031 132c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-15:14:16.032 132c Recovering log #3.2024/09/05-15:14:16.035 132c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):326
                                                                                              Entropy (8bit):5.216256063817236
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PmH4q2Pwkn23oH+TcwtpIFUt82UzJZmw+2VfF3DkwOwkn23oH+Tcwta/WLJ:P1vYfYebmFUt82Q/+2JFz5JfYebaUJ
                                                                                              MD5:2C2518F1B2A64E9885FA4D20C444C4EE
                                                                                              SHA1:C82EF1DAB5A1C463E4D9F651CF4A505231D5029B
                                                                                              SHA-256:7B29D3EF9EF34DF18B7C046F55F1CD9180577D7FAC8700F7B227E3BA49B93997
                                                                                              SHA-512:3811850AF96FEA5C1D3903D7DE419ED214D905000D28A48FFBF08E70AB59AB7AAC8ADFDDC19BD2A724B136F494447A8DAE4F7897E39C0B18A6882F890BFB1B78
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.086 1c80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-15:13:59.091 1c80 Recovering log #3.2024/09/05-15:13:59.092 1c80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):0.26707851465859517
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                              MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                              SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                              SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                              SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):131072
                                                                                              Entropy (8bit):0.005536643945525777
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ImtVx//l/vmrJl/3yE/lm2S9Ktl:IiVt/IGEtm19KX
                                                                                              MD5:7AF11DD88904EC148F62D22A6AABA344
                                                                                              SHA1:975F3750704D23E8680C25685FC1AB0ABF1DB423
                                                                                              SHA-256:97FE294BEF695B23AC5C846C4DCC73945229FE0F96A56459AA573DD2C29F5419
                                                                                              SHA-512:A69707BE393E7872DA1C066EA7751B123656484700D54C9AE84E06FF5D6D23A6F2A3280545073C2E22308689C3FBC219EB83450D98C94C006C09571E5CBE5726
                                                                                              Malicious:false
                                                                                              Preview:VLnk.....?.........u.6Q
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                                              Category:dropped
                                                                                              Size (bytes):184320
                                                                                              Entropy (8bit):1.06713140086123
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:QSqzWMMUfTinGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumY7ln6:QrzWMffGnzkkqtXnTK+hNH+5EVum6
                                                                                              MD5:D953D7EBB6E833EA396CD07C80152C99
                                                                                              SHA1:FB85D07A4FC3F0244196BC021542359372118DC0
                                                                                              SHA-256:63EE8D9608633F3EA43C5DCAB16D255BCABA9DA8A94FAF7051E48994ABDC725D
                                                                                              SHA-512:4A196B7BC8538B0BF1497FF5D6B13054BDA4AA6DFB5D82BEE950E46678911A6E4EBC29B03C1D998A931F72C127A72BECC79DF7FA5EF9A770090BDBBFCE905776
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                                              Category:dropped
                                                                                              Size (bytes):14336
                                                                                              Entropy (8bit):1.418901806694809
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgj2RyKWo1ct+0w2RyKWoDxj/:PtSjGhp22iS3DetfDZ
                                                                                              MD5:0FE770007DB84C75EE601C779DDB5686
                                                                                              SHA1:1EE5B12C6DA8667629F36201CF8BF23E76FA46B7
                                                                                              SHA-256:5BE76EC328855C048554D251E0D3501BF35985F2FD7CF753CB8568BFA6B488E1
                                                                                              SHA-512:2EFDC00CA0E140F5529E11F84741C4BB90754B9F57F755099B48ED90D414842AF583743A5B5EC5F62F815222C9E787B1A724F34F2FA6A0F8CC8F8C5020F5F7B8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):40960
                                                                                              Entropy (8bit):0.41235120905181716
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                              MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):11755
                                                                                              Entropy (8bit):5.190465908239046
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                              Malicious:false
                                                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):115717
                                                                                              Entropy (8bit):5.183660917461099
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                              Malicious:false
                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12316
                                                                                              Entropy (8bit):5.068563366473481
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVQJ9pQTryZigaba4uyPJRJuaYP3R85pj+F9PQAn5c1f:sVQLA3ucJRJuGpUVQ6M
                                                                                              MD5:B2199707FFB121FEB89AAD5BBA1BD19B
                                                                                              SHA1:5161CAB26B2F42E5C6E26AC951242D40F55C5751
                                                                                              SHA-256:6A423B35914F065F1C62466553282563DF4968BFD69F90E943BAE765867E40F7
                                                                                              SHA-512:4928973B5BFC4558E0624DF7AED5823C511686D7E37603F39D2C34439A992680B00469D551CCD84507D2B46CBBCB9024AB5F653068DC8FD739A95D922545B6A0
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370037239797867","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13651
                                                                                              Entropy (8bit):5.233772871078938
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVQJ9pQTryZiuaba4uyPJRJumNF8VhBiZrYP3R85pj+F9PQAv5c1f:sVQLAJucJRJuYFehBiZ9pUVQCM
                                                                                              MD5:7646E9BA71C5550EC2905A31764176DA
                                                                                              SHA1:727470DC14C770DEBE387ADAC463C870DD5638B2
                                                                                              SHA-256:4A5845C36A694D031A750D360FF0BA83E250EDD7361FDDF13FAC02BF878ABCA9
                                                                                              SHA-512:3A0890C2A19A08B05F5794E9057DD724E28AEDC8E729744F7E821465832F3BE71C4126EDFCC6B12FAF17BA4B0497202FAE1B43F729B3B4E54D5C11A8AC732C1F
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370037239797867","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):0.3410017321959524
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):37817
                                                                                              Entropy (8bit):5.5558975895514715
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:yImk9R7pLGLvvFWPm8fQY8F1+UoAYDCx9Tuqh0VfUC9xbog/OVRipX6rwO7adDdf:yImk9HcvvFWPm8fQYu1jaEoX/O7ar0t4
                                                                                              MD5:8F988CFF52E2AA6ABF8843352CD02E94
                                                                                              SHA1:C63AB0BBB3DE458A0353903A23E101D124F81CCA
                                                                                              SHA-256:545412CB1B95CB2E3D7DF06FD9E9E3AB806C3BC9724A9D829DF539B658073DA3
                                                                                              SHA-512:9E2E1378D1C5466855B41C8837492E19E4681439C56856E4F65482DDA6C3539FCCA8C17D537946C0C348AD5D9D6996B058E18F5016E9453E8D6B366FD5AB7601
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370037239055276","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370037239055276","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):39660
                                                                                              Entropy (8bit):5.56231879982855
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:yImk9R7pLGLvvFWPm8fQY8F1+UoAYDCx9Tuqh0VfUC9xbog/OVleZipX6rwO7anh:yImk9HcvvFWPm8fQYu1ja4eZoX/O7ahv
                                                                                              MD5:11609EA3E35EC9296E61760883040335
                                                                                              SHA1:C3E0DA61270A6AF6A0214CC043F72F0A7CB52B4D
                                                                                              SHA-256:ABD2A6C7975F42EDCDAC9B9F87838C9496FA46AF014A055BDFFF5487C683A750
                                                                                              SHA-512:5DC5823979F3D930C6B437DC78B765B4273871FDA98A3125F72C8506FED6C9EB6CC45408DD68ECE4B2E0D123E9A51BD4FE7BED809739F7F92B4A1ACE78BCD031
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370037239055276","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370037239055276","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):16384
                                                                                              Entropy (8bit):0.35226517389931394
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                              MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                              SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                              SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                              SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.09709351770667508
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:G9l/f/lu9l/f/l39XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/VlG:CtXl6tXl9FnnnnnnnnnnnnnnpEo
                                                                                              MD5:D36BEEC281B9672E82430BBC2A3FCCF1
                                                                                              SHA1:A7994B58919E3D53BDB52C40F0CC2DE72BFE6AA3
                                                                                              SHA-256:DFA5C9F3C2F6F1645D2FC979B3CCE00DDADFA3EA29CEAF7DBE2182552F8B022D
                                                                                              SHA-512:B97C6CEA5C8C19E9BB0F9D24C4E1B6FAC25573ACC390B1588C656C03C05489C5B48BA24102FAB8526FB48A0B3EF64B88E32ACEB5E89B2884AA34899E9BB9509B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                              Category:dropped
                                                                                              Size (bytes):296672
                                                                                              Entropy (8bit):1.0156118279537734
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:arIG7xoCHRKuPu3u3uwIupupuGuZPuOOuZ3:arP3RZWeewXoo9gOlZ3
                                                                                              MD5:09F3CA63927AB6DE617F420CC9090807
                                                                                              SHA1:2887CC3C2E42017742D27095F87E65DBE7EC872F
                                                                                              SHA-256:7A1C2828322896D7A969470091A355BE1B589B6C191435487FC10918711BF5F0
                                                                                              SHA-512:87818B9EC7382968AC11EF009E1C1CAA8949DA8193C9C05C8217633CC4A2291E8434FC728BD4C803B3DF4CFAFF9333B85BAA4A33F73DD10A3E426C9F74598865
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):250
                                                                                              Entropy (8bit):3.7610695696908047
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:VVXntjQPEnjQvxljlVO9/l3seGKT9rcQ6xmqEOtlTxotlTxotlTxotlTxotl:/XntM+4ljlsFl3sedhOmqEOuuuu
                                                                                              MD5:67E02ED84B0201AD44AAE2FC4F23A1AC
                                                                                              SHA1:C30AA2D67F47B5E8C0657C8DDA642698096114FE
                                                                                              SHA-256:C73F6D257354904C4517B30C11AAAA7524D6CBE062B507F7EC66878DF82158FC
                                                                                              SHA-512:DC29AA94C7961BFA65500249E6C96F4B98B610C6A4D8DDAB9347335EAE26DA96F9EF5AEC5C08F0A214C86474BABA62DD640EAE25D41F3AE70FD4F99BB965B5D1
                                                                                              Malicious:false
                                                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1..&f.................&f...............}..Y0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):281
                                                                                              Entropy (8bit):5.200826611571219
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PnDwt1wkn23oH+Tcwtfrl2KLllnDQwz+q2Pwkn23oH+TcwtfrK+IFUv:PnDvfYeb1LnnDpz+vYfYeb23FUv
                                                                                              MD5:1E90B9FC179B438697D1C2FD51F27095
                                                                                              SHA1:3EB155EBFF622A6F208E9EB02DFA9966E1382052
                                                                                              SHA-256:7AB779251B305A36773247B9EBFF3CD344EFA0A58FCDA0092BE9E31C8A1E209F
                                                                                              SHA-512:3880E79FBB30255A6310ACF86258E40F280FB78F96FA775A90E8462EC8ED980CE06A0CD8F491873B25816FAFA1F85CC93E688F43058336226005164CD59D59EF
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:14:00.437 1fec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/05-15:14:00.517 1fec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):617
                                                                                              Entropy (8bit):3.8928709595458733
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:G0nYUteza//z3p/Uz9XZmh/U/Wj8qMR8dbrRw:G0nYUtezaD3RUnmhCWzH2
                                                                                              MD5:FBA2ADB939E9EFCED0CC3656E9B97D44
                                                                                              SHA1:E5F252705A567C50414A09F117A88788D5DB0BE6
                                                                                              SHA-256:BE7D041133A4130FF80692FF348A317FA1235F2C7385125B8108639238D22853
                                                                                              SHA-512:E30796FF972C5066FDD50913D5565E73686C6114A2AC7020F6B772F13DBD55D2951785A1F24342F83046E0E75DE35D621DDE30BA3BC701628A54D87091771D83
                                                                                              Malicious:false
                                                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_.........................20_........].................20_.....{a...................19_.....f.F..................18_..........................9_........k.................9_........J.................39_.....I.Ha.................37_......m.}.................38_..........................39_.....
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):299
                                                                                              Entropy (8bit):5.191624635778958
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P5+1wkn23oH+Tcwtfrzs52KLllnDwlN+q2Pwkn23oH+TcwtfrzAdIFUv:PLfYebs9LnnD8N+vYfYeb9FUv
                                                                                              MD5:00846D02DCE27E3DA8F838C63A55E922
                                                                                              SHA1:C2F93931E6921B7400B0C9FBED84A331474493F6
                                                                                              SHA-256:613D329B1829907E3EB7CB38053FCB77DC19D3C94939DA0A765E2A662A27D85D
                                                                                              SHA-512:6981559BD40C3EA5E3830EC2B8B2A7DD615433296A82DD98A3A4F25725846D434A4A7647C7CEC8627E902F602298B2C5EF6B58C818E62D9D313D69185551381A
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-15:13:59.816 1fec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/05-15:14:00.433 1fec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNlp/lt:Ls31lt
                                                                                              MD5:81F66A74EDF39484F303703F5C93913F
                                                                                              SHA1:5476AAC39C66CFEE4D056F263FD307E724A23AA5
                                                                                              SHA-256:1B859A059DA4E81E70A1FA6ABB2CD33EA1DD1F989DA94F2CBED66F6EA53E73A4
                                                                                              SHA-512:31CB71039226D9B0DF00E9DDA894C8D5011E8C1EAEF40543771B4CC4FF8A1EF66F9FB7D68B45130D87CE0599008071857FAAD4271C5AF33C9086308165746EE1
                                                                                              Malicious:false
                                                                                              Preview:.........................................-R`../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNlnc:Ls3c
                                                                                              MD5:F67243015F1AE3A41E425696E999DDCA
                                                                                              SHA1:6285F4D0849069094FA03BAF019E6327FFC90D8C
                                                                                              SHA-256:37FB3577905632B79BBE8782B5BA068001E18D3D3ABFD57AE4AE7D99EE7914E2
                                                                                              SHA-512:D1D46C86D5E52509F86BD3A941506C6E07E7140E5F9C99E156C4680E711A55C32D581A9191512F0569086B9FA62BD5A2B3D4A0D0BBB8CAB10E7AB2E0E3749456
                                                                                              Malicious:false
                                                                                              Preview:..........................................U`../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):120
                                                                                              Entropy (8bit):3.32524464792714
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                              Malicious:false
                                                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):13
                                                                                              Entropy (8bit):2.7192945256669794
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                              Malicious:false
                                                                                              Preview:117.0.2045.47
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):6820
                                                                                              Entropy (8bit):5.793604952627965
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:iaqkHfk375ih/cI9URLl8RotoV/MFVvlwhmxe4IbONIeTC6XQS0qGqk+Z4uj+rj1:akM3ceiRUuh+6qRAq1k8SPxVLZ7VTiq
                                                                                              MD5:CED04E25B71C9CB84A380C7C3A5D24F1
                                                                                              SHA1:9D05E51F39D71B017613C08C060F8FC5D924D83F
                                                                                              SHA-256:2445E4667419C7BBF6B0E10C66669B7F38A80AC8172651902154BE512807F9F4
                                                                                              SHA-512:FCF40AD0723AFD413CF65FCDBC4B984C52815344AFD17CD8404D97986A377FB56BF1D90DB1FE84E3DF06FCDEC330E3271BBCEEA0B1F13827C28DD83669C96AEB
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABjblzMr4mcQJlvjq0Yk1MqEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAyKsix2qW8EZjELCBDNtAcJUryfu4IwENiWbGm1K7d+AAAAAA
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.5963118027796015
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNlQH/:Ls3QH/
                                                                                              MD5:E7E757535CEC31C1BBECBD3554B2E6AD
                                                                                              SHA1:1791BC571040D4E4CF4C0E1F969BE4621ED4DDC4
                                                                                              SHA-256:0C56363E481358B39F6BCD809A8ABA70EB041BB3DE583D29C39C8B9BB50127E7
                                                                                              SHA-512:C307FDF6AD78C6CB4DE77F129A4EC86BCA6A2E4B732F2CF17AA6E2D9FF8843DF7B32BFF4F351FE55CF81723811E16C5CB5E78D97C6FC13E6843D6FF0A9CB1C99
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):47
                                                                                              Entropy (8bit):4.3818353308528755
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                              MD5:48324111147DECC23AC222A361873FC5
                                                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                              Malicious:false
                                                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):35
                                                                                              Entropy (8bit):4.014438730983427
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                              Malicious:false
                                                                                              Preview:{"forceServiceDetermination":false}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):29
                                                                                              Entropy (8bit):3.922828737239167
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:2NGw+K+:fwZ+
                                                                                              MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                              SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                              SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                              SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                              Malicious:false
                                                                                              Preview:customSynchronousLookupUris_0
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):35302
                                                                                              Entropy (8bit):7.99333285466604
                                                                                              Encrypted:true
                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):18
                                                                                              Entropy (8bit):3.5724312513221195
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                              MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                              SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                              SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                              SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                              Malicious:false
                                                                                              Preview:edgeSettings_2.0-0
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3581
                                                                                              Entropy (8bit):4.459693941095613
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                              MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                              SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                              SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                              SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                              Malicious:false
                                                                                              Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):47
                                                                                              Entropy (8bit):4.493433469104717
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                              MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                              SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                              SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                              SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                              Malicious:false
                                                                                              Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):35302
                                                                                              Entropy (8bit):7.99333285466604
                                                                                              Encrypted:true
                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):50
                                                                                              Entropy (8bit):3.9904355005135823
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                              Malicious:false
                                                                                              Preview:topTraffic_170540185939602997400506234197983529371
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):575056
                                                                                              Entropy (8bit):7.999649474060713
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):86
                                                                                              Entropy (8bit):4.389669793590032
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                                              MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                                              SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                                              SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                                              SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                                              Malicious:false
                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):22924
                                                                                              Entropy (8bit):6.046704100969786
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:utMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhzzfWOEHA0SDTx5JkjrKyqOh:iMGQ7FCYXGIgtDAWtJ4n1J6FHA0S3xXq
                                                                                              MD5:0B2402ED50EDB8F1105CC1830877F806
                                                                                              SHA1:A75B2E57A06B0D7FA39680ED6942FF857D6C5A28
                                                                                              SHA-256:D4DCC74D6C9E27B00CD5FE17C73DE038B37B6D0A76D1350FAFD1FC8BDFF13ADE
                                                                                              SHA-512:6D3DD479A651B51B9A26BF49725D7BAE99C4C4B58BA3F7773622A41127CC792E49D09973B73EF57A6038684CA47B26F9D22A81132CD74EED7CDD503362D50153
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370037239977610","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):8239
                                                                                              Entropy (8bit):5.793896687402677
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:fsNAM3heiRUkyjMkA56qRAq1k8SPxVLZ7VTiQ:fsNAix/4HA56q3QxVNZTiQ
                                                                                              MD5:61D66B24A17BE3F8EA53A015B454597C
                                                                                              SHA1:ED772CB9CBAFC8DAC472B6CD81E95A10F5126A80
                                                                                              SHA-256:881341C5F04D620D645DC08DA9764DA7F56D3F7C9E3C7EF3E5F4F7403E89B48C
                                                                                              SHA-512:7FE393E241185BF81D5E78C2D2905854BA98B05BEC2EF6C88798712582162265BD111A68DCDAE44805877A15F2677846ACDC1FC87028C40B0C2A56D3F619BD3D
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):8090
                                                                                              Entropy (8bit):5.810952266640586
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:asNAM3heiRUxHQZlkAV6qRAq1k8SPxVLZ7VTiq:asNAixQwZ2AV6q3QxVNZTiq
                                                                                              MD5:2135837F432254C3AC057D4673E29D04
                                                                                              SHA1:A30AE56697051C67B6220EB9652F7C7F4AD51608
                                                                                              SHA-256:E69BDF4BADF8B6A6E2714C4740C8AB5114014CBFF8EEA445E58F7CE9529098AF
                                                                                              SHA-512:A13C170675A2325FF00B9DB1D4D40B530D88FECE56F0545A89595524FB578695ED12A4C6D8007075B8ED7311EAD8EEDB8A16332E573EB5D98F6E565FEC09ED7F
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):8321
                                                                                              Entropy (8bit):5.787891695993085
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:fsNwM3heiRUZyjMkA56qRAq1k8SPxVLZ7VTiQ:fsNwixI4HA56q3QxVNZTiQ
                                                                                              MD5:126CF86E116540E08BBC8A47232BCCB5
                                                                                              SHA1:C5EDFFA3548A2EA4B339BB609553764FCF0DB795
                                                                                              SHA-256:D3F65429BBB45403EDA82C4A61E698D1873FF1E8D3DA097F92D73CE180851C01
                                                                                              SHA-512:77CFF91909668FE021A35EFBC13D15FF11125E12B760F232CBD7BFACDD4BA92628B4C43AE8378BDE2D3E5B4282F8C68C89364B841AFBEDBD6AAD6A1C0F0D43EF
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):2278
                                                                                              Entropy (8bit):3.8531636984907727
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:uiTrlKxrgxaxl9Il8ulvJB0oyIqbYTXNg8Wd1rc:mTY7v0oyIOYTdg8N
                                                                                              MD5:65061F004BE8A4150B1E0F3ED4EB12D2
                                                                                              SHA1:AD70CC4EF493911DD683ECBEE02E5250249E73A1
                                                                                              SHA-256:628A3C1F1C7B752EA3809E6CEE03CF50D4B32CB9B76B3CCF4DBEB43C15B882BD
                                                                                              SHA-512:A15B6181B3BAA244495C9A5501EFB75F5A89B4BD54E5536F12F71174EBAFCC48D673D0EF0B1365707FCC18F5B6D95CD28C0D24142815F218DA23D03FA2D2BC35
                                                                                              Malicious:false
                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.H.f.L.J.t.D./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Y.2.5.c.z.K.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4622
                                                                                              Entropy (8bit):4.00167276801235
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:3Y7opQ94ZfI4Wf7xeYDds5aqRt19Bj80GmIAnfJ:3+o+ifIXzdwv9BjlJ
                                                                                              MD5:4DFC6CFCE00813782CEC99861C659E32
                                                                                              SHA1:97F755928720E7D12AFAB2B753D1BDD2DDC91BE8
                                                                                              SHA-256:771618C4BBC3FC994DAEAD8C17191FE6DE1075AD4C4EFE9C5A8535A6BBE7802A
                                                                                              SHA-512:E653C328FD37A06B74A2604DBD41043AAE6688717A019906353B9F85D87DBF62F9040236DC405EAE6DCA30DCC09E81A1D6770CFD14296F263833EE3D527F3BB3
                                                                                              Malicious:false
                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".q.q.K.R.D.M.j./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Y.2.5.c.z.K.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                                              Category:dropped
                                                                                              Size (bytes):76319
                                                                                              Entropy (8bit):7.996132588300074
                                                                                              Encrypted:true
                                                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                                              MD5:24439F0E82F6A60E541FB2697F02043F
                                                                                              SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                                              SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                                              SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                              Category:dropped
                                                                                              Size (bytes):206855
                                                                                              Entropy (8bit):7.983996634657522
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 695599
                                                                                              Category:dropped
                                                                                              Size (bytes):530166
                                                                                              Entropy (8bit):7.998026308465027
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:I1G0GfmcGDwmyu0bCD7gQ7zfAegwBb0UVMf+xVmY6ChWH1:z0GeAmx13vvBb0G2+xVmYbK
                                                                                              MD5:7C56FEE29D2FC93D6106F315BA7C7256
                                                                                              SHA1:6B26E4D5FBCAEBA7589FD2D46051E6CF58D5AC80
                                                                                              SHA-256:485A075A8B0FE7D0043462FE2985D69AE667E4A27D3DCB9B8AAB4AA0027DA624
                                                                                              SHA-512:8E8F0F0BB0B5627A2F59D9B01740F9791DA34CD0E5400C1EC51DFA534EBC768DFC3FEC2E3F57AEE49A431DE4BC6B609D714BDC8FFC72E2809D314A6EC56674B2
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):135751
                                                                                              Entropy (8bit):7.804610863392373
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):11185
                                                                                              Entropy (8bit):7.951995436832936
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):353
                                                                                              Entropy (8bit):5.314794081870603
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YEpTtQ7jhL56s/upTtJGKQJjDrwv/upTtPuKDCu56s/C:YSpmhL56s/YpV0Dkv/YpPuKDn56s/C
                                                                                              MD5:261645F3C48B7719210E45F208F5CA08
                                                                                              SHA1:6D6CCCDAA23D71ADAE9F19485067292DDF0D74DD
                                                                                              SHA-256:206C1BB738A0CD2C38917EFE46DF066F39CE1243ED7BDDFB21929E89AE60A8C0
                                                                                              SHA-512:067C318434D326D3BA27ABD5E1ECB3161F053BD009C868B752B82B74551ACAFEB60DDDC4E8F418CFD6F91FF119C69B7D94BAC981B79CC870DA950DFFE3AF0358
                                                                                              Malicious:false
                                                                                              Preview:{"logTime": "0905/191404", "correlationVector":"rq8o4U8ZBAe9kBp5aWMVut","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0905/191404", "correlationVector":"99333DC323734577ABC16389808F4092","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0905/191404", "correlationVector":"XQaDYC7uyABZg538oeRDlH","action":"EXTENSION_UPDATER", "result":""}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.4593089050301797
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                              Malicious:false
                                                                                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1753
                                                                                              Entropy (8bit):5.8889033066924155
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                              Malicious:false
                                                                                              Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):9815
                                                                                              Entropy (8bit):6.1716321262973315
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                              Malicious:false
                                                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):10388
                                                                                              Entropy (8bit):6.174387413738973
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                              Malicious:false
                                                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):962
                                                                                              Entropy (8bit):5.698567446030411
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                              Malicious:false
                                                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):11185
                                                                                              Entropy (8bit):7.951995436832936
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):135751
                                                                                              Entropy (8bit):7.804610863392373
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):4982
                                                                                              Entropy (8bit):7.929761711048726
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):908
                                                                                              Entropy (8bit):4.512512697156616
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1285
                                                                                              Entropy (8bit):4.702209356847184
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1244
                                                                                              Entropy (8bit):4.5533961615623735
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):977
                                                                                              Entropy (8bit):4.867640976960053
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3107
                                                                                              Entropy (8bit):3.535189746470889
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1389
                                                                                              Entropy (8bit):4.561317517930672
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1763
                                                                                              Entropy (8bit):4.25392954144533
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):930
                                                                                              Entropy (8bit):4.569672473374877
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):913
                                                                                              Entropy (8bit):4.947221919047
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):806
                                                                                              Entropy (8bit):4.815663786215102
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):883
                                                                                              Entropy (8bit):4.5096240460083905
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1031
                                                                                              Entropy (8bit):4.621865814402898
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1613
                                                                                              Entropy (8bit):4.618182455684241
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):851
                                                                                              Entropy (8bit):4.4858053753176526
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):848
                                                                                              Entropy (8bit):4.494568170878587
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1425
                                                                                              Entropy (8bit):4.461560329690825
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                              Malicious:false
                                                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):961
                                                                                              Entropy (8bit):4.537633413451255
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):959
                                                                                              Entropy (8bit):4.570019855018913
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):968
                                                                                              Entropy (8bit):4.633956349931516
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                              MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):838
                                                                                              Entropy (8bit):4.4975520913636595
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1305
                                                                                              Entropy (8bit):4.673517697192589
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):911
                                                                                              Entropy (8bit):4.6294343834070935
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):939
                                                                                              Entropy (8bit):4.451724169062555
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                              MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):977
                                                                                              Entropy (8bit):4.622066056638277
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):972
                                                                                              Entropy (8bit):4.621319511196614
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                              MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):990
                                                                                              Entropy (8bit):4.497202347098541
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                              MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                              SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                              SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                              SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1658
                                                                                              Entropy (8bit):4.294833932445159
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                              MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                              SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                              SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                              SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1672
                                                                                              Entropy (8bit):4.314484457325167
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):935
                                                                                              Entropy (8bit):4.6369398601609735
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1065
                                                                                              Entropy (8bit):4.816501737523951
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2771
                                                                                              Entropy (8bit):3.7629875118570055
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):858
                                                                                              Entropy (8bit):4.474411340525479
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):954
                                                                                              Entropy (8bit):4.631887382471946
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):899
                                                                                              Entropy (8bit):4.474743599345443
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2230
                                                                                              Entropy (8bit):3.8239097369647634
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1160
                                                                                              Entropy (8bit):5.292894989863142
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3264
                                                                                              Entropy (8bit):3.586016059431306
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3235
                                                                                              Entropy (8bit):3.6081439490236464
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3122
                                                                                              Entropy (8bit):3.891443295908904
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1880
                                                                                              Entropy (8bit):4.295185867329351
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1042
                                                                                              Entropy (8bit):5.3945675025513955
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2535
                                                                                              Entropy (8bit):3.8479764584971368
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                              MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                              SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                              SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                              SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1028
                                                                                              Entropy (8bit):4.797571191712988
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                              MD5:970544AB4622701FFDF66DC556847652
                                                                                              SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                              SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                              SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):994
                                                                                              Entropy (8bit):4.700308832360794
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                              MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                              SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                              SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                              SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2091
                                                                                              Entropy (8bit):4.358252286391144
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                              MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                              SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                              SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                              SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2778
                                                                                              Entropy (8bit):3.595196082412897
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                              MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                              SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                              SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                              SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1719
                                                                                              Entropy (8bit):4.287702203591075
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):936
                                                                                              Entropy (8bit):4.457879437756106
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                              MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3830
                                                                                              Entropy (8bit):3.5483353063347587
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                              MD5:342335A22F1886B8BC92008597326B24
                                                                                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1898
                                                                                              Entropy (8bit):4.187050294267571
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):914
                                                                                              Entropy (8bit):4.513485418448461
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):878
                                                                                              Entropy (8bit):4.4541485835627475
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                              MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2766
                                                                                              Entropy (8bit):3.839730779948262
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):978
                                                                                              Entropy (8bit):4.879137540019932
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                              MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                              SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                              SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                              SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):907
                                                                                              Entropy (8bit):4.599411354657937
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                              MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                              SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                              SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                              SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):914
                                                                                              Entropy (8bit):4.604761241355716
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                              MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                              SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                              SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                              SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):937
                                                                                              Entropy (8bit):4.686555713975264
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                              MD5:BED8332AB788098D276B448EC2B33351
                                                                                              SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                              SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                              SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1337
                                                                                              Entropy (8bit):4.69531415794894
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                              MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2846
                                                                                              Entropy (8bit):3.7416822879702547
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):934
                                                                                              Entropy (8bit):4.882122893545996
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                              MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):963
                                                                                              Entropy (8bit):4.6041913416245
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1320
                                                                                              Entropy (8bit):4.569671329405572
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                              MD5:7F5F8933D2D078618496C67526A2B066
                                                                                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):884
                                                                                              Entropy (8bit):4.627108704340797
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):980
                                                                                              Entropy (8bit):4.50673686618174
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                              MD5:D0579209686889E079D87C23817EDDD5
                                                                                              SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                              SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                              SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1941
                                                                                              Entropy (8bit):4.132139619026436
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                              MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                              SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                              SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                              SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1969
                                                                                              Entropy (8bit):4.327258153043599
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                              MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                              SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                              SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                              SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1674
                                                                                              Entropy (8bit):4.343724179386811
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                              MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                              SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                              SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                              SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1063
                                                                                              Entropy (8bit):4.853399816115876
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                              MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                              SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                              SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                              SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1333
                                                                                              Entropy (8bit):4.686760246306605
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                              MD5:970963C25C2CEF16BB6F60952E103105
                                                                                              SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                              SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                              SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1263
                                                                                              Entropy (8bit):4.861856182762435
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                              MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1074
                                                                                              Entropy (8bit):5.062722522759407
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):879
                                                                                              Entropy (8bit):5.7905809868505544
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1205
                                                                                              Entropy (8bit):4.50367724745418
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):843
                                                                                              Entropy (8bit):5.76581227215314
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):912
                                                                                              Entropy (8bit):4.65963951143349
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):11280
                                                                                              Entropy (8bit):5.754230909218899
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                                              Malicious:false
                                                                                              Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):854
                                                                                              Entropy (8bit):4.284628987131403
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                              Malicious:false
                                                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2525
                                                                                              Entropy (8bit):5.417689528134667
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                                              MD5:10FF8E5B674311683D27CE1879384954
                                                                                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                                              Malicious:false
                                                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:HTML document, ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):97
                                                                                              Entropy (8bit):4.862433271815736
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                              Malicious:false
                                                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (4369)
                                                                                              Category:dropped
                                                                                              Size (bytes):95567
                                                                                              Entropy (8bit):5.4016395763198135
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):291
                                                                                              Entropy (8bit):4.65176400421739
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                              Malicious:false
                                                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (4369)
                                                                                              Category:dropped
                                                                                              Size (bytes):103988
                                                                                              Entropy (8bit):5.389407461078688
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                                              MD5:EA946F110850F17E637B15CF22B82837
                                                                                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                              Category:dropped
                                                                                              Size (bytes):453023
                                                                                              Entropy (8bit):7.997718157581587
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                              MD5:85430BAED3398695717B0263807CF97C
                                                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):24
                                                                                              Entropy (8bit):3.91829583405449
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                              Malicious:false
                                                                                              Preview:{"schema":6,"addons":[]}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                              Category:dropped
                                                                                              Size (bytes):66
                                                                                              Entropy (8bit):4.837595020998689
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                              Malicious:false
                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):36830
                                                                                              Entropy (8bit):5.185924656884556
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                              Malicious:false
                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1021904
                                                                                              Entropy (8bit):6.648417932394748
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):116
                                                                                              Entropy (8bit):4.968220104601006
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                              Malicious:false
                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):11292
                                                                                              Entropy (8bit):5.531294274368879
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:wnaRtZYbBp6ihj4qyaaXo6KhwkfGNBw8rYSl:Xegqc69cwp0
                                                                                              MD5:F178E94D10B82E78561DCA9B835E6D76
                                                                                              SHA1:08621B5CEFB93FB32C76C9A228B1C85316963A2E
                                                                                              SHA-256:67A8520F7B33786D58071397F0B07AF398639B436B4CA0D08B7BB2F7A8A250FA
                                                                                              SHA-512:8EA4D655D1C4E632095B41878AF443D65994B533ADFC7835C94B2A8C9210B8281A764436A5486AFAEA046A0121927DED15D6D26A88AA5BC84040FC2F63C084BD
                                                                                              Malicious:false
                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725567292);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725567292);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):11292
                                                                                              Entropy (8bit):5.531294274368879
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:wnaRtZYbBp6ihj4qyaaXo6KhwkfGNBw8rYSl:Xegqc69cwp0
                                                                                              MD5:F178E94D10B82E78561DCA9B835E6D76
                                                                                              SHA1:08621B5CEFB93FB32C76C9A228B1C85316963A2E
                                                                                              SHA-256:67A8520F7B33786D58071397F0B07AF398639B436B4CA0D08B7BB2F7A8A250FA
                                                                                              SHA-512:8EA4D655D1C4E632095B41878AF443D65994B533ADFC7835C94B2A8C9210B8281A764436A5486AFAEA046A0121927DED15D6D26A88AA5BC84040FC2F63C084BD
                                                                                              Malicious:false
                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725567292);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725567292);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):53
                                                                                              Entropy (8bit):4.136624295551173
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                                              MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                                              SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                                              SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                                              SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                                              Malicious:false
                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                                              Category:dropped
                                                                                              Size (bytes):271
                                                                                              Entropy (8bit):5.491068826545657
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3SIgC410tVSNNzdDdCQ:vLz2S+EWDDoWqC+bfPK346sd9
                                                                                              MD5:7AFA91DA5FA1003DD0AE19E181AA73EC
                                                                                              SHA1:539408B536AEFC0593C86AA67298325FAAE1B26A
                                                                                              SHA-256:B7FECA73BD928B1F2E27713D3BE80B4BF274888C0C4F0CCD330F2F38B13ECFFC
                                                                                              SHA-512:13AB7282B022BAF9E7B4542D9751D12F5216C082958923A705CB74362B3A44727211C1C4DAA021A77CC125FB10A3CCD6769CB708F042377BECA6AE542098A317
                                                                                              Malicious:false
                                                                                              Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1725567281465,"startTim...#61399,"recentCrashes":0},"global":{},"cookies":[]}
                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Entropy (8bit):6.57959027695413
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                              File name:file.exe
                                                                                              File size:917'504 bytes
                                                                                              MD5:0ca13c099ee8094b069bc5731e460add
                                                                                              SHA1:91312c49389194c73dde0c56215f44f725dd5f96
                                                                                              SHA256:c4b7edbfe5989674c9717e1660353f385eb5f34afe95932d8e387b67dd86ec67
                                                                                              SHA512:478574f8586d5727a2f3dd14f079cd02d894e0db60332ece2b44b9363d751359b377632080eee02631a36b8e67ca834e84732dddf8b9ca64128fdf42c7f8bac3
                                                                                              SSDEEP:12288:rqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTT:rqDEvCTbMWu7rQYlBQcBiT6rprG8avT
                                                                                              TLSH:06159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13A81DB9BE701B1563E7A3
                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                              Icon Hash:aaf3e3e3938382a0
                                                                                              Entrypoint:0x420577
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0x66D9FAD6 [Thu Sep 5 18:39:18 2024 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:5
                                                                                              OS Version Minor:1
                                                                                              File Version Major:5
                                                                                              File Version Minor:1
                                                                                              Subsystem Version Major:5
                                                                                              Subsystem Version Minor:1
                                                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                              Instruction
                                                                                              call 00007F2D4CE82D13h
                                                                                              jmp 00007F2D4CE8261Fh
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              push esi
                                                                                              push dword ptr [ebp+08h]
                                                                                              mov esi, ecx
                                                                                              call 00007F2D4CE827FDh
                                                                                              mov dword ptr [esi], 0049FDF0h
                                                                                              mov eax, esi
                                                                                              pop esi
                                                                                              pop ebp
                                                                                              retn 0004h
                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                              mov eax, ecx
                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                                                              mov dword ptr [ecx], 0049FDF0h
                                                                                              ret
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              push esi
                                                                                              push dword ptr [ebp+08h]
                                                                                              mov esi, ecx
                                                                                              call 00007F2D4CE827CAh
                                                                                              mov dword ptr [esi], 0049FE0Ch
                                                                                              mov eax, esi
                                                                                              pop esi
                                                                                              pop ebp
                                                                                              retn 0004h
                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                              mov eax, ecx
                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                              mov dword ptr [ecx+04h], 0049FE14h
                                                                                              mov dword ptr [ecx], 0049FE0Ch
                                                                                              ret
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              push esi
                                                                                              mov esi, ecx
                                                                                              lea eax, dword ptr [esi+04h]
                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                              and dword ptr [eax], 00000000h
                                                                                              and dword ptr [eax+04h], 00000000h
                                                                                              push eax
                                                                                              mov eax, dword ptr [ebp+08h]
                                                                                              add eax, 04h
                                                                                              push eax
                                                                                              call 00007F2D4CE853BDh
                                                                                              pop ecx
                                                                                              pop ecx
                                                                                              mov eax, esi
                                                                                              pop esi
                                                                                              pop ebp
                                                                                              retn 0004h
                                                                                              lea eax, dword ptr [ecx+04h]
                                                                                              mov dword ptr [ecx], 0049FDD0h
                                                                                              push eax
                                                                                              call 00007F2D4CE85408h
                                                                                              pop ecx
                                                                                              ret
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              push esi
                                                                                              mov esi, ecx
                                                                                              lea eax, dword ptr [esi+04h]
                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                              push eax
                                                                                              call 00007F2D4CE853F1h
                                                                                              test byte ptr [ebp+08h], 00000001h
                                                                                              pop ecx
                                                                                              Programming Language:
                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | 4bd9f079e0c9c5a3e566ae0a8f45da1a | False | 0.28109375 | data | 5.161460630778484 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Sep 5, 2024 21:14:06.903981924 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.905159950 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:06.905168056 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.909564018 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.912115097 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:06.912127972 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.915222883 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.915760040 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:06.915769100 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.916908979 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.917340040 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.917378902 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.917614937 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:06.917625904 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.918423891 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.919231892 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.919363976 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.920142889 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:06.920152903 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.922274113 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.922297001 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.922357082 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:06.922367096 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.922394991 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.922652960 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.922684908 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.922707081 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.922861099 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:06.922869921 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.991482019 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.991513968 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.993612051 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.993675947 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.996737957 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:06.996754885 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:06.998719931 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.002399921 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.005770922 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.005800009 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.006447077 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.006474018 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.006484985 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.008778095 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.008785963 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.009715080 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.010011911 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.015482903 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.015512943 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.016748905 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.016768932 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.017102003 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.019854069 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.024370909 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.024399996 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.024636030 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.024645090 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.025202036 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.028872967 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.033488035 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.033566952 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.033591032 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.034991026 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.035003901 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.037882090 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.042376041 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.042618990 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.042783976 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.044430017 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.044751883 CEST49746443192.168.2.4142.250.186.129
                                                                                              Sep 5, 2024 21:14:07.044763088 CEST44349746142.250.186.129192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.063050032 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.063103914 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.063190937 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.063637018 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.063690901 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.063846111 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.063858986 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.063914061 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.064166069 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.064177990 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.197673082 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.197695971 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.197777987 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.198317051 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.198328972 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.203978062 CEST49758443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.203998089 CEST4434975813.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.204073906 CEST49759443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.204081059 CEST4434975913.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.205714941 CEST49759443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.205727100 CEST49758443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.205954075 CEST49759443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.205964088 CEST4434975913.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.206060886 CEST49758443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.206069946 CEST4434975813.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.220446110 CEST49760443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.220463991 CEST4434976013.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.220812082 CEST49760443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.221041918 CEST49760443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.221054077 CEST4434976013.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.667608976 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.667836905 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.667882919 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.667918921 CEST49761443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:07.667959929 CEST4434976135.190.72.216192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.668984890 CEST49761443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:07.669250965 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.669258118 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.669353008 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.669370890 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.669507027 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.669513941 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.670381069 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.670416117 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.670527935 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.672327042 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.672327042 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.672328949 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.673402071 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.673465014 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.673695087 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.673767090 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.673774004 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.673844099 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.673954964 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.674011946 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.674082994 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.689039946 CEST49761443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:07.689053059 CEST4434976135.190.72.216192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.716500998 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.716509104 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.720505953 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.740947008 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.740947008 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.740952969 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.740962982 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.793832064 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.794552088 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.795583010 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.801716089 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.812623978 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.812623978 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.812625885 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.812872887 CEST49755443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.812887907 CEST44349755172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.813117027 CEST49757443192.168.2.4162.159.61.3
                                                                                              Sep 5, 2024 21:14:07.813128948 CEST44349757162.159.61.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.813257933 CEST49756443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:07.813262939 CEST44349756172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.884325027 CEST4434976013.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.884779930 CEST4434975913.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.885622978 CEST49759443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.885629892 CEST4434975813.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.885632992 CEST4434975913.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.885734081 CEST49760443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.885741949 CEST4434976013.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.886332035 CEST49758443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.886337996 CEST4434975813.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.886643887 CEST4434975913.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.886743069 CEST4434976013.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.887355089 CEST4434975813.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.887382984 CEST49760443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.887383938 CEST49759443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.887698889 CEST49758443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.888426065 CEST49760443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.888494015 CEST4434976013.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.888499975 CEST49759443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.888556957 CEST4434975913.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.888559103 CEST49758443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.888611078 CEST4434975813.107.246.57192.168.2.4
                                                                                              Sep 5, 2024 21:14:07.888814926 CEST49760443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:07.888855934 CEST49759443192.168.2.413.107.246.57
                                                                                              Sep 5, 2024 21:14:09.151793957 CEST4434977813.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.151962996 CEST49773443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.151973963 CEST4434977313.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.152364969 CEST49774443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152367115 CEST49775443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152375937 CEST49776443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152375937 CEST49777443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152429104 CEST49778443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152625084 CEST49774443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152635098 CEST4434977413.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.152754068 CEST49778443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152764082 CEST4434977813.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.152853012 CEST49777443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152861118 CEST4434977713.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.152940035 CEST49776443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.152952909 CEST4434977613.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.153044939 CEST49775443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.153055906 CEST4434977513.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.363053083 CEST44349763172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.364203930 CEST49763443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.364213943 CEST44349763172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.364674091 CEST44349763172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.365047932 CEST49763443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.365112066 CEST44349763172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.366914034 CEST44349767172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.367201090 CEST804976934.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.367364883 CEST44349766172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.367369890 CEST44349768172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.368027925 CEST44349764172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.368740082 CEST49768443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.368757963 CEST44349768172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.368839025 CEST49766443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.368846893 CEST44349766172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.368928909 CEST49767443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.368937016 CEST44349767172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.369213104 CEST49764443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.369220018 CEST44349764172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.369434118 CEST44349765172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.369575024 CEST44349764172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.369822979 CEST44349768172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.369853973 CEST49765443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.369860888 CEST44349765172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.369926929 CEST44349766172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.369995117 CEST44349767172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.370086908 CEST49768443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.370289087 CEST49766443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.370292902 CEST49767443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.370929956 CEST49767443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.370944977 CEST44349765172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.370995998 CEST44349767172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.371238947 CEST49766443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.371303082 CEST44349766172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.371448994 CEST49764443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.371510029 CEST44349764172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.371759892 CEST49768443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.371824026 CEST44349768172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.371862888 CEST49765443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.372276068 CEST49765443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.372351885 CEST44349765172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.447324038 CEST49779443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.447369099 CEST44349779142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.447525024 CEST49780443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.447566986 CEST44349780142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.447654963 CEST49781443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.447662115 CEST44349781142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.447726965 CEST49779443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.447796106 CEST49780443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.447974920 CEST49779443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.447987080 CEST44349779142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.448101044 CEST49780443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.448112965 CEST44349780142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.448116064 CEST49781443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.448302984 CEST49781443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:09.448312044 CEST44349781142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.493566036 CEST49763443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.493566036 CEST49766443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.493585110 CEST44349766172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.493617058 CEST49765443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.493621111 CEST49768443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.493622065 CEST44349765172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.493630886 CEST44349768172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.547678947 CEST4976980192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:14:09.547797918 CEST49767443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.547797918 CEST49764443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.547806025 CEST44349767172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.602598906 CEST49766443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.602607965 CEST49765443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.602612019 CEST49768443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.648718119 CEST49767443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:09.698553085 CEST44349770184.28.90.27192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.704508066 CEST44349770184.28.90.27192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.709897041 CEST49770443192.168.2.4184.28.90.27
                                                                                              Sep 5, 2024 21:14:09.709933043 CEST49770443192.168.2.4184.28.90.27
                                                                                              Sep 5, 2024 21:14:09.712320089 CEST49770443192.168.2.4184.28.90.27
                                                                                              Sep 5, 2024 21:14:09.712327003 CEST44349770184.28.90.27192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.712558985 CEST44349770184.28.90.27192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.821147919 CEST4434977123.96.180.189192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.836844921 CEST49770443192.168.2.4184.28.90.27
                                                                                              Sep 5, 2024 21:14:09.850650072 CEST4434977613.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.868659973 CEST4434977513.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.868695974 CEST4434977313.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.869304895 CEST4434977713.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.869375944 CEST4434977813.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.869405031 CEST4434977413.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.910816908 CEST49776443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.920887947 CEST49770443192.168.2.4184.28.90.27
                                                                                              Sep 5, 2024 21:14:09.930933952 CEST44349779142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.932738066 CEST44349780142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.934360981 CEST44349781142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.939474106 CEST49773443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.939491987 CEST49771443192.168.2.423.96.180.189
                                                                                              Sep 5, 2024 21:14:09.939491987 CEST49777443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.939779997 CEST49774443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.939786911 CEST49778443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.964500904 CEST44349770184.28.90.27192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.991719007 CEST49774443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:09.991724014 CEST4434977413.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:09.992132902 CEST4434977413.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.040040016 CEST49780443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.040044069 CEST49774443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.044744015 CEST49778443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.044754982 CEST4434977813.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.045809031 CEST4434977813.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.045820951 CEST4434977813.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.048209906 CEST49777443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.048217058 CEST4434977713.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.048316956 CEST49773443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.048321962 CEST4434977313.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.048408031 CEST49775443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.048429966 CEST4434977513.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.048508883 CEST49776443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.048521996 CEST4434977613.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.048703909 CEST4434977313.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.049268007 CEST4434977713.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.049279928 CEST4434977713.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.049475908 CEST4434977513.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.049485922 CEST4434977513.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.049592972 CEST4434977613.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.049604893 CEST4434977613.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.051886082 CEST49771443192.168.2.423.96.180.189
                                                                                              Sep 5, 2024 21:14:10.051898956 CEST4434977123.96.180.189192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.051969051 CEST49781443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.051978111 CEST44349781142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.052064896 CEST49780443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.052068949 CEST44349780142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.052153111 CEST49779443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.052160025 CEST44349779142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.052589893 CEST44349779142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.052599907 CEST44349780142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.052963972 CEST4434977123.96.180.189192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.052978992 CEST4434977123.96.180.189192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.053030014 CEST44349781142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.053040028 CEST44349781142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.055035114 CEST49778443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.063199997 CEST49777443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.065454960 CEST49776443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.065454960 CEST49775443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.066962004 CEST49781443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.066962957 CEST49771443192.168.2.423.96.180.189
                                                                                              Sep 5, 2024 21:14:10.081459045 CEST49774443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.081537962 CEST4434977413.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.081728935 CEST49776443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.081799984 CEST4434977613.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.081945896 CEST49775443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.082016945 CEST4434977513.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.086200953 CEST49777443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.086272955 CEST4434977713.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.086432934 CEST49773443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.086510897 CEST4434977313.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.086735964 CEST49778443192.168.2.413.107.246.40
                                                                                              Sep 5, 2024 21:14:10.086802959 CEST4434977813.107.246.40192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.087059021 CEST49781443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.087135077 CEST44349781142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:12.932898998 CEST44349789142.251.40.174192.168.2.4
                                                                                              Sep 5, 2024 21:14:12.932961941 CEST49789443192.168.2.4142.251.40.174
                                                                                              Sep 5, 2024 21:14:12.933104992 CEST49789443192.168.2.4142.251.40.174
                                                                                              Sep 5, 2024 21:14:12.933165073 CEST44349789142.251.40.174192.168.2.4
                                                                                              Sep 5, 2024 21:14:12.979566097 CEST49788443192.168.2.4142.251.40.174
                                                                                              Sep 5, 2024 21:14:12.979568005 CEST49789443192.168.2.4142.251.40.174
                                                                                              Sep 5, 2024 21:14:12.979573965 CEST44349788142.251.40.174192.168.2.4
                                                                                              Sep 5, 2024 21:14:12.979576111 CEST44349789142.251.40.174192.168.2.4
                                                                                              Sep 5, 2024 21:14:13.026050091 CEST49789443192.168.2.4142.251.40.174
                                                                                              Sep 5, 2024 21:14:13.026051044 CEST49788443192.168.2.4142.251.40.174
                                                                                              Sep 5, 2024 21:14:15.658154011 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:15.658202887 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:15.658314943 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:15.659590960 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:15.659605026 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:16.453877926 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:16.453954935 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:16.456624031 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:16.456636906 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:16.457005978 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:16.509483099 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:17.161691904 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:17.208504915 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.432193995 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.432215929 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.432224035 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.432245016 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.432256937 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.432267904 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.434721947 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:17.434742928 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.434803009 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:17.434941053 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:18.090660095 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:18.090699911 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:18.090730906 CEST49790443192.168.2.420.114.59.183
                                                                                              Sep 5, 2024 21:14:18.090738058 CEST4434979020.114.59.183192.168.2.4
                                                                                              Sep 5, 2024 21:14:18.867873907 CEST4976280192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:14:18.872700930 CEST804976234.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:14:19.379754066 CEST4976980192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:14:19.384583950 CEST804976934.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.273113012 CEST44349763172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.273219109 CEST44349763172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.273922920 CEST44349768172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.274000883 CEST44349768172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.274528980 CEST44349766172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.274595022 CEST44349766172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.274893999 CEST49763443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:24.274899006 CEST49768443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:24.275492907 CEST49766443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:24.276043892 CEST44349767172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.276109934 CEST44349767172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.276146889 CEST44349764172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.276201963 CEST44349764172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.276725054 CEST44349765172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.276782990 CEST44349765172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.278940916 CEST49767443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:24.278940916 CEST49764443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:24.279474974 CEST49765443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:24.345282078 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:24.345314980 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.345487118 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:24.345695019 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:24.345705986 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.907726049 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.908128023 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:24.908148050 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.909012079 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.909071922 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:24.910263062 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:24.910320997 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.910458088 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:24.952502966 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:24.971867085 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:24.971884012 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.025278091 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:25.392951965 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.447019100 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:25.474920034 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.474930048 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.474961042 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.474971056 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.474978924 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:25.475008011 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.475032091 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:25.475056887 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:25.475358009 CEST49796443192.168.2.4152.195.19.97
                                                                                              Sep 5, 2024 21:14:25.475372076 CEST44349796152.195.19.97192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.733563900 CEST49763443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.733582973 CEST44349763172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.733618021 CEST49767443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.733639002 CEST44349767172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.733658075 CEST49766443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.733663082 CEST44349766172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.733681917 CEST49764443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.733686924 CEST44349764172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.733705997 CEST49768443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.733710051 CEST44349768172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.733735085 CEST49765443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.733740091 CEST44349765172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.736442089 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.736490011 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.736607075 CEST49798443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.736613989 CEST44349798172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.737471104 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.737497091 CEST49798443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.737695932 CEST49798443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.737709045 CEST44349798172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:25.737788916 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:25.737798929 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.201484919 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.201735973 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.201754093 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.202053070 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.202368975 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.202425957 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.202505112 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.211473942 CEST44349798172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.211662054 CEST49798443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.211669922 CEST44349798172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.211996078 CEST44349798172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.212265015 CEST49798443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.212326050 CEST44349798172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.243644953 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.243652105 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.259287119 CEST49798443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.324577093 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.324625969 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:26.324774981 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.324871063 CEST49797443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:14:26.324882984 CEST44349797172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:14:28.890449047 CEST4976280192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:14:28.895322084 CEST804976234.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:14:29.404642105 CEST4976980192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:14:29.409509897 CEST804976934.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:14:35.543801069 CEST49801443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:35.543827057 CEST4434980135.190.72.216192.168.2.4
                                                                                              Sep 5, 2024 21:14:35.544337034 CEST49801443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:35.545779943 CEST49801443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:35.545793056 CEST4434980135.190.72.216192.168.2.4
                                                                                              Sep 5, 2024 21:14:35.556505919 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 5, 2024 21:14:35.556515932 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 5, 2024 21:14:35.557410955 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 5, 2024 21:14:35.557631016 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 5, 2024 21:14:35.557642937 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 5, 2024 21:14:35.558650970 CEST49803443192.168.2.435.244.181.201
                                                                                              Sep 5, 2024 21:14:35.558657885 CEST4434980335.244.181.201192.168.2.4
                                                                                              Sep 5, 2024 21:14:35.559241056 CEST49803443192.168.2.435.244.181.201
                                                                                              Sep 5, 2024 21:14:35.559573889 CEST49803443192.168.2.435.244.181.201
                                                                                              Sep 5, 2024 21:14:35.559585094 CEST4434980335.244.181.201192.168.2.4
                                                                                              Sep 5, 2024 21:14:35.928356886 CEST49804443192.168.2.452.222.236.48
                                                                                              Sep 5, 2024 21:14:35.928375006 CEST4434980452.222.236.48192.168.2.4
                                                                                              Sep 5, 2024 21:14:35.928791046 CEST49804443192.168.2.452.222.236.48
                                                                                              Sep 5, 2024 21:14:35.928963900 CEST49804443192.168.2.452.222.236.48
                                                                                              Sep 5, 2024 21:14:35.928976059 CEST4434980452.222.236.48192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.012315989 CEST4434980135.190.72.216192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.013216972 CEST49801443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:36.018276930 CEST49801443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:36.018285990 CEST4434980135.190.72.216192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.018378973 CEST49801443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:36.018435001 CEST4434980135.190.72.216192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.019171953 CEST49801443192.168.2.435.190.72.216
                                                                                              Sep 5, 2024 21:14:36.021007061 CEST4976280192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:14:36.021903038 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.022104025 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 5, 2024 21:14:36.024988890 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 5, 2024 21:14:36.024992943 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.025242090 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.025767088 CEST804976234.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.027028084 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 5, 2024 21:14:36.027137995 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 5, 2024 21:14:36.027170897 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 5, 2024 21:14:36.028227091 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 5, 2024 21:15:10.569947004 CEST4972480192.168.2.4199.232.210.172
                                                                                              Sep 5, 2024 21:15:18.198940039 CEST4980780192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:18.204826117 CEST804980734.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:18.462017059 CEST4980580192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:18.466876984 CEST804980534.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:28.204390049 CEST4980780192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:28.209187031 CEST804980734.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:28.472186089 CEST4980580192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:28.477067947 CEST804980534.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:38.216346025 CEST4980780192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:38.437997103 CEST804980734.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:38.487411976 CEST4980580192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:38.701515913 CEST804980534.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:40.117208958 CEST49780443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:15:40.117227077 CEST44349780142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:15:40.123106956 CEST49779443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:15:40.123131037 CEST44349779142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:15:40.320063114 CEST49781443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:15:40.320085049 CEST44349781142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:15:42.990926981 CEST49788443192.168.2.4142.251.40.174
                                                                                              Sep 5, 2024 21:15:42.990927935 CEST49789443192.168.2.4142.251.40.174
                                                                                              Sep 5, 2024 21:15:42.990945101 CEST44349788142.251.40.174192.168.2.4
                                                                                              Sep 5, 2024 21:15:42.990945101 CEST44349789142.251.40.174192.168.2.4
                                                                                              Sep 5, 2024 21:15:48.447673082 CEST4980780192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:48.452879906 CEST804980734.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:48.713784933 CEST4980580192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:48.718617916 CEST804980534.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:58.452821970 CEST4980780192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:58.458097935 CEST804980734.107.221.82192.168.2.4
                                                                                              Sep 5, 2024 21:15:58.722405910 CEST4980580192.168.2.434.107.221.82
                                                                                              Sep 5, 2024 21:15:58.735338926 CEST804980534.107.221.82192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Sep 5, 2024 21:14:09.968357086 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.071331978 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.072983027 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.073798895 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.075640917 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.076608896 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.078340054 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.080176115 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080229998 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080503941 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080545902 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080593109 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080640078 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080692053 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080738068 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080785990 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080877066 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080924988 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.080976009 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.081022978 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.081089973 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.081152916 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.081201077 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.156688929 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.156758070 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.156805038 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.156873941 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.156934023 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.156979084 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.157023907 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.157092094 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.157160044 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.157215118 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.157293081 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.180324078 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.180341959 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.180352926 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.180846930 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.181068897 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.182560921 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.184415102 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.186528921 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.189239979 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.191787958 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.192526102 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.192588091 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.194510937 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.194667101 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.197103977 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.199940920 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.200090885 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.202302933 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.208312035 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.208497047 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.208524942 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.209614038 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.209744930 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.212296009 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.214926958 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.216011047 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.218616962 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.220221996 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.220376015 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.223243952 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.225699902 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.227267027 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.228014946 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.230330944 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.230459929 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.233479977 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.236270905 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.236424923 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.238694906 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.241759062 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.243482113 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.246118069 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.248981953 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.251792908 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.255858898 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.256874084 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.258788109 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.263581038 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.263731003 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.265465021 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.266226053 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.269071102 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.269145012 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.273231030 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.273355961 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.276566982 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.276629925 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.279269934 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.279315948 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.279516935 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.283277035 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.283318996 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.284941912 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.285083055 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.290565014 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.290622950 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.292660952 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.292850018 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.296960115 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.297097921 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.298125029 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.299817085 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.299925089 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.302356958 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.302510023 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.306742907 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.306843042 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.308533907 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.308763027 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.313074112 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.313205957 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.315215111 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.316004038 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.316134930 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.320173979 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.320246935 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.323156118 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.323612928 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.326833010 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.327052116 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.332849026 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.332860947 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.334764957 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.334894896 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.336045027 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.340462923 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.340475082 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.341881037 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.342016935 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.344760895 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.344906092 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.347392082 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.347403049 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.350756884 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.350769043 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.354468107 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.354610920 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.356184006 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.356295109 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.356839895 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.360193968 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.360342979 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.365233898 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.365246058 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.367697954 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.367830038 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.370176077 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.370801926 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.370990038 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.372286081 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.372471094 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.375163078 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.375269890 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.380346060 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.380357981 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.380368948 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.380382061 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.380767107 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.380775928 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.382978916 CEST44352985142.250.80.99192.168.2.4
                                                                                              Sep 5, 2024 21:14:10.384315014 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.410629034 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.445607901 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.446779013 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.448520899 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.514178991 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.515383005 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:14:10.516271114 CEST52985443192.168.2.4142.250.80.99
                                                                                              Sep 5, 2024 21:15:05.476154089 CEST44357684172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.478622913 CEST44357684172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.478790045 CEST57684443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:15:05.479830027 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:05.531017065 CEST44357684172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.533283949 CEST44357684172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.533587933 CEST44357684172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.533813000 CEST57684443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:15:05.791337967 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:05.941040993 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.943850040 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.943912983 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.944042921 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.944052935 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:05.944233894 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:05.945923090 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:05.946026087 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:06.041934013 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:06.041948080 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:06.041955948 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:06.041964054 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:06.051486015 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:06.051574945 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:06.156443119 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:07.602406979 CEST6123853192.168.2.41.1.1.1
                                                                                              Sep 5, 2024 21:15:07.609112978 CEST53612381.1.1.1192.168.2.4
                                                                                              Sep 5, 2024 21:15:07.610373974 CEST5854153192.168.2.41.1.1.1
                                                                                              Sep 5, 2024 21:15:07.617459059 CEST53585411.1.1.1192.168.2.4
                                                                                              Sep 5, 2024 21:15:08.074995041 CEST5491753192.168.2.41.1.1.1
                                                                                              Sep 5, 2024 21:15:13.508323908 CEST57684443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:15:13.508430004 CEST57684443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:15:13.603137970 CEST44357684172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:15:13.604140043 CEST44357684172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:15:13.604424000 CEST44357684172.64.41.3192.168.2.4
                                                                                              Sep 5, 2024 21:15:13.604700089 CEST57684443192.168.2.4172.64.41.3
                                                                                              Sep 5, 2024 21:15:13.605562925 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:13.605679035 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.062186956 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.062223911 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.062236071 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.062325001 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.062335968 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.062650919 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.063319921 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.063528061 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.180901051 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.180933952 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.181080103 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.181098938 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.181170940 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.220973015 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.261784077 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.262048960 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.262176991 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:14.274877071 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.274945021 CEST61408443192.168.2.4142.251.167.84
                                                                                              Sep 5, 2024 21:15:14.400734901 CEST44361408142.251.167.84192.168.2.4
                                                                                              Sep 5, 2024 21:15:26.072463036 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:26.099416971 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:26.636709929 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:15:26.677143097 CEST60165443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:15:36.071577072 CEST4436016523.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:16:05.435100079 CEST61218443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:16:05.909039974 CEST4436121823.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:16:05.909200907 CEST4436121823.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:16:05.909651995 CEST61218443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:16:06.007093906 CEST4436121823.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:16:06.007262945 CEST4436121823.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:16:06.007272005 CEST4436121823.59.250.35192.168.2.4
                                                                                              Sep 5, 2024 21:16:06.007409096 CEST61218443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:16:06.039850950 CEST61218443192.168.2.423.59.250.35
                                                                                              Sep 5, 2024 21:16:06.125057936 CEST4436121823.59.250.35192.168.2.4
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Sep 5, 2024 21:14:44.062814951 CEST | 192.168.2.4 | 142.251.40.174 | 3362 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                              Sep 5, 2024 21:14:35.936665058 CEST1.1.1.1192.168.2.40x21f4No error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                                              Sep 5, 2024 21:14:35.936665058 CEST1.1.1.1192.168.2.40x21f4No error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                                              Sep 5, 2024 21:14:35.936665058 CEST1.1.1.1192.168.2.40x21f4No error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                                              Sep 5, 2024 21:14:36.136142969 CEST1.1.1.1192.168.2.40x20c7No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                              Sep 5, 2024 21:14:36.136142969 CEST1.1.1.1192.168.2.40x20c7No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                              Sep 5, 2024 21:14:37.023099899 CEST1.1.1.1192.168.2.40x13bcNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                              Sep 5, 2024 21:14:37.023099899 CEST1.1.1.1192.168.2.40x13bcNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                              Sep 5, 2024 21:14:37.523523092 CEST1.1.1.1192.168.2.40x6a2eNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                              Sep 5, 2024 21:14:37.523523092 CEST1.1.1.1192.168.2.40x6a2eNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                              Sep 5, 2024 21:15:07.601517916 CEST1.1.1.1192.168.2.40x6dcdNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                              Sep 5, 2024 21:15:07.609112978 CEST1.1.1.1192.168.2.40xd4bNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                              Sep 5, 2024 21:15:07.611874104 CEST1.1.1.1192.168.2.40x25c6No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                              Sep 5, 2024 21:15:08.081896067 CEST1.1.1.1192.168.2.40x9434No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                              Sep 5, 2024 21:15:08.081896067 CEST1.1.1.1192.168.2.40x9434No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49762 | 34.107.221.82 | 80 | 7672 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 21:14:08.402709961 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
Sep 5, 2024 21:14:08.866425037 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 47214
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 5, 2024 21:14:18.867873907 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:14:28.890449047 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:14:36.021007061 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
Sep 5, 2024 21:14:36.116558075 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 47242
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49769 | 34.107.221.82 | 80 | 7672 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 21:14:08.922718048 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 5, 2024 21:14:09.367201090 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 38924
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 21:14:19.379754066 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:14:29.404642105 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49805 | 34.107.221.82 | 80 | 7672 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 21:14:36.148753881 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 5, 2024 21:14:36.993568897 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 38951
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 21:14:36.994148016 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 38951
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 21:14:37.469302893 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 5, 2024 21:14:37.573554039 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 38952
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 21:14:37.582093954 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 5, 2024 21:14:37.682616949 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 38952
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 21:14:47.685550928 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:14:57.702920914 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:15:07.991092920 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:15:08.355545044 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 5, 2024 21:15:08.455749989 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 38983
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 21:15:18.462017059 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:15:28.472186089 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:15:38.487411976 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:15:48.713784933 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 21:15:58.722405910 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49807 | 34.107.221.82 | 80 | 7672 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 21:14:37.024698019 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
Sep 5, 2024 21:14:37.466345072 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                                              Age: 70167
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                              Sep 5, 2024 21:14:37.485605955 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
                                                                                              Sep 5, 2024 21:14:37.579838037 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                                              Age: 70167
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                              Sep 5, 2024 21:14:47.585283995 CEST | 6 | OUT | Data Raw: 00
                                                                                              Data Ascii:
                                                                                              Sep 5, 2024 21:14:57.598453045 CEST | 6 | OUT | Data Raw: 00
                                                                                              Data Ascii:
                                                                                              Sep 5, 2024 21:15:07.991091967 CEST | 6 | OUT | Data Raw: 00
                                                                                              Data Ascii:
                                                                                              Sep 5, 2024 21:15:08.075117111 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
                                                                                              Sep 5, 2024 21:15:08.179020882 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                                              Age: 70198
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                              Sep 5, 2024 21:15:18.198940039 CEST | 6 | OUT | Data Raw: 00
                                                                                              Data Ascii:
                                                                                              Sep 5, 2024 21:15:28.204390049 CEST | 6 | OUT | Data Raw: 00
                                                                                              Data Ascii:
                                                                                              Sep 5, 2024 21:15:38.216346025 CEST | 6 | OUT | Data Raw: 00
                                                                                              Data Ascii:
                                                                                              Sep 5, 2024 21:15:48.447673082 CEST | 6 | OUT | Data Raw: 00
                                                                                              Data Ascii:
                                                                                              Sep 5, 2024 21:15:58.452821970 CEST | 6 | OUT | Data Raw: 00
                                                                                              Data Ascii:


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              0 | 192.168.2.4 | 49746 | 142.250.186.129 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:05 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                                              Host: clients2.googleusercontent.com
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:06 UTC | 566 | IN | HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 135751
                                                                                              X-GUploader-UploadID: AD-8ljsqFKFfhbFwMg_8uFT16hlYBQB1SjfJlh8NfP52lz5O7peADQi3K7DZ1yaXxlqmmX11G-Y
                                                                                              X-Goog-Hash: crc32c=IDdmTg==
                                                                                              Server: UploadServer
                                                                                              Date: Wed, 04 Sep 2024 19:15:10 GMT
                                                                                              Expires: Thu, 04 Sep 2025 19:15:10 GMT
                                                                                              Cache-Control: public, max-age=31536000
                                                                                              Age: 86336
                                                                                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                                              Content-Type: application/x-chrome-extension
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              1 | 192.168.2.4 | 49757 | 162.159.61.3 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:07 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
                                                                                              2024-09-05 19:14:07 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: wwwgstaticcom)TP
                                                                                              2024-09-05 19:14:07 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 19:14:07 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be88a5e6afd191e-EWR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              2024-09-05 19:14:07 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 8e 00 04 8e fb 28 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: wwwgstaticcom()


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              2 | 192.168.2.4 | 49755 | 172.64.41.3 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:07 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
                                                                                              2024-09-05 19:14:07 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: wwwgstaticcom)TP
                                                                                              2024-09-05 19:14:07 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 19:14:07 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be88a5e698941e3-EWR
                                                                                              alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49756 | 172.64.41.3 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 19:14:07 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
2024-09-05 19:14:07 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 19:14:07 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be88a5e6ace7cff-EWR
                                                                                              alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49760 | 13.107.246.57 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 19:14:07 UTC | 486 | OUT | GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: ArbitrationService
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 19:14:08 UTC | 552 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:08 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 11989
                                                                                              Connection: close
                                                                                              Last-Modified: Wed, 04 Sep 2024 17:17:44 GMT
                                                                                              ETag: 0x8DCCD057D8088C1
                                                                                              x-ms-request-id: f7ce689d-701e-002c-4072-ffea3a000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191408Z-165795675767jvm9z21nmtw4wn0000000cq000000000482v
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes
2024-09-05 19:14:08 UTC | 11989 | IN | Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49759 | 13.107.246.57 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 19:14:07 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: Shoreline
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 19:14:08 UTC | 577 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:08 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 306698
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip
                                                                                              Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                              ETag: 0x8DBC9B5C40EBFF4
                                                                                              x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191408Z-16579567576s4v5z9ks8mdk6fw0000000cv0000000004ukc
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49758 | 13.107.246.57 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 19:14:07 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                                              Sec-Mesh-Client-Edge-Channel: stable
                                                                                              Sec-Mesh-Client-OS: Windows
                                                                                              Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                                              Sec-Mesh-Client-Arch: x86_64
                                                                                              Sec-Mesh-Client-WebView: 0
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 19:14:08 UTC | 583 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:08 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 70207
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip
                                                                                              Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                                              ETag: 0x8DCB31E67C22927
                                                                                              x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191408Z-16579567576j7nvvu5n0ytgs1c0000000czg00000000eph3
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              7 | 192.168.2.4 | 49770 | 184.28.90.27 | 443 | |
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:09 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              Accept-Encoding: identity
                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                              Host: fs.microsoft.com
                                                                                              2024-09-05 19:14:10 UTC | 466 | IN | HTTP/1.1 200 OK
                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                              Content-Type: application/octet-stream
                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                              Server: ECAcc (lpl/EF67)
                                                                                              X-CID: 11
                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                              X-Ms-Region: prod-weu-z1
                                                                                              Cache-Control: public, max-age=77490
                                                                                              Date: Thu, 05 Sep 2024 19:14:10 GMT
                                                                                              Connection: close
                                                                                              X-CID: 2


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              8 | 192.168.2.4 | 49776 | 13.107.246.40 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:10 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:10 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1751
                                                                                              Connection: close
                                                                                              Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                                              ETag: 0x8DBCEA8D5AACC85
                                                                                              x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191410Z-16579567576c4hpgz3uh2pbn5g0000000cq000000000tuhh
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              9 | 192.168.2.4 | 49774 | 13.107.246.40 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:10 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:10 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1966
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                                              ETag: 0x8DBDCB5EC122A94
                                                                                              x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191410Z-16579567576h9nndaeer0cv35w0000000cm000000000u5ds
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              10 | 192.168.2.4 | 49775 | 13.107.246.40 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:10 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:10 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1427
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                                              ETag: 0x8DBDCB5EF021F8E
                                                                                              x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191410Z-16579567576l4p9bs8an1npq1n0000000ck000000000hmg7
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              11 | 192.168.2.4 | 49777 | 13.107.246.40 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:10 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:10 UTC | 522 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 2008
                                                                                              Connection: close
                                                                                              Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                                              ETag: 0x8DBC9B5C0C17219
                                                                                              x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191410Z-165795675762h26c6ze2t4q7600000000cv000000000nddt
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              12 | 192.168.2.4 | 49773 | 13.107.246.40 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:10 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:10 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 2229
                                                                                              Connection: close
                                                                                              Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                                              ETag: 0x8DBD59359A9E77B
                                                                                              x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191410Z-16579567576p25xcxh3nycmsaw0000000ccg00000000x1gf
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              13 | 192.168.2.4 | 49778 | 13.107.246.40 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:10 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:10 UTC    543    IN    HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1154
                                                                                              Connection: close
                                                                                              Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                                              ETag: 0x8DBD5935D5B3965
                                                                                              x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191410Z-16579567576h266g9d6dee9ff80000000cz000000000g2xv
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes
                                                                                              2024-09-05 19:14:10 UTC    1154    IN


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              14    192.168.2.4    49771    23.96.180.189    443    1516    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 19:14:10 UTC    616    OUT    GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=8684241135348538038&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1
                                                                                              Host: arc.msn.com
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:10 UTC    633    IN    HTTP/1.1 200 OK
                                                                                              Cache-Control: max-age=86400, private
                                                                                              Content-Length: 2061
                                                                                              Content-Type: application/json; charset=utf-8
                                                                                              Expires: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                              Server: Microsoft-IIS/10.0
                                                                                              ARC-RSP-DBG: [{"X-RADID":"P425775005-T700421790-C128000000003081809"},{"BATCH_REDIRECT_STORE":"B128000000003081809+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
                                                                                              Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
                                                                                              X-AspNet-Version: 4.0.30319
                                                                                              X-Powered-By: ASP.NET
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Date: Thu, 05 Sep 2024 19:14:10 GMT
                                                                                              Connection: close
                                                                                              2024-09-05 19:14:10 UTC    2061    IN
                                                                                              Data Ascii: {"f":"raf","v":"1.0","rdr":[{"c":"Anaheim Password Monitor","u":"Consent Save Password"}],"ad":{"TITLE_SAVE":"Save your password","TITLE_UPDATE":"Save your password","TITLE_SAVED_PASSWORD":"Save your password","TITLE_NO_SAVED_PASSWORD":"Save your password


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              15    192.168.2.4    49782    184.28.90.27    443
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 19:14:11 UTC    239    OUT    GET /fs/windows/config.json HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              Accept-Encoding: identity
                                                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                              Range: bytes=0-2147483646
                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                              Host: fs.microsoft.com
                                                                                              2024-09-05 19:14:11 UTC    514    IN    HTTP/1.1 200 OK
                                                                                              ApiVersion: Distribute 1.1
                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                              Content-Type: application/octet-stream
                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                              Server: ECAcc (lpl/EF06)
                                                                                              X-CID: 11
                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                              X-Ms-Region: prod-weu-z1
                                                                                              Cache-Control: public, max-age=77543
                                                                                              Date: Thu, 05 Sep 2024 19:14:11 GMT
                                                                                              Content-Length: 55
                                                                                              Connection: close
                                                                                              X-CID: 2
                                                                                              2024-09-05 19:14:11 UTC    55    IN
                                                                                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              16    192.168.2.4    49783    13.107.246.40    443    1516    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 19:14:11 UTC    431    OUT    GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:11 UTC    543    IN    HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 19:14:11 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1468
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                                              ETag: 0x8DBDCB5E23DFC43
                                                                                              x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T191411Z-16579567576s4v5z9ks8mdk6fw0000000cq000000000qumv
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes
                                                                                              2024-09-05 19:14:11 UTC    1468    IN


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              17    192.168.2.4    49784    142.251.40.202    443    1516    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 19:14:11 UTC    448    OUT    POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                                                              Host: www.googleapis.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 119
                                                                                              Content-Type: application/json
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:11 UTC    119    OUT
                                                                                              Data Ascii: {"hash":"xzs8IjFyzX6vknnSIgIfmaJWJaOoyXbBUdszhWFe4x8=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                                                              2024-09-05 19:14:11 UTC    341    IN    HTTP/1.1 200 OK
                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                              Vary: Origin
                                                                                              Vary: X-Origin
                                                                                              Vary: Referer
                                                                                              Date: Thu, 05 Sep 2024 19:14:11 GMT
                                                                                              Server: ESF
                                                                                              Content-Length: 483
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close
                                                                                              2024-09-05 19:14:11 UTC    483    IN
                                                                                              Data Ascii: { "protocol_version": 1, "signature": "XqY7/N1UjlMMF8vqlbBXsNYbEfQerCWawrqPEkSlQMkgPDgx9M21/5D2LrPWA3+MKeIeI5RfH4TlTxpZW45e1H2Q2yEky7eN5ny7DkzQQt1VGeGm+7sVwuYM+0e69vCwcK7L0DMOCj31X4YIvvniohAloXxZ9JGK//53WJn7563a50oZg+xzKGxZaQ/HbSqUWeEnHBkIX58YIfwkpGFi


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              18    192.168.2.4    49785    142.251.40.174    443    1516    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 19:14:11 UTC    579    OUT    OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Host: play.google.com
                                                                                              Connection: keep-alive
                                                                                              Accept: */*
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: x-goog-authuser
                                                                                              Origin: https://accounts.google.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Sec-Fetch-Mode: cors
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Dest: empty
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:12 UTC    520    IN    HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                              Access-Control-Max-Age: 86400
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Date: Thu, 05 Sep 2024 19:14:11 GMT
                                                                                              Server: Playlog
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              19    192.168.2.4    49786    142.251.40.174    443    1516    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 19:14:11 UTC    579    OUT    OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Host: play.google.com
                                                                                              Connection: keep-alive
                                                                                              Accept: */*
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: x-goog-authuser
                                                                                              Origin: https://accounts.google.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Sec-Fetch-Mode: cors
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Dest: empty
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:12 UTC    520    IN    HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                              Access-Control-Max-Age: 86400
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Date: Thu, 05 Sep 2024 19:14:12 GMT
                                                                                              Server: Playlog
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              20 | 192.168.2.4 | 49787 | 142.250.80.68 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:12 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                                                                              Host: www.google.com
                                                                                              Connection: keep-alive
                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                              sec-ch-ua-mobile: ?0
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              sec-ch-ua-arch: "x86"
                                                                                              sec-ch-ua-full-version: "117.0.2045.47"
                                                                                              sec-ch-ua-platform-version: "10.0.0"
                                                                                              sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                                                              sec-ch-ua-bitness: "64"
                                                                                              sec-ch-ua-model: ""
                                                                                              sec-ch-ua-wow64: ?0
                                                                                              sec-ch-ua-platform: "Windows"
                                                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: image
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:12 UTC | 705 | IN | HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                              Content-Length: 5430
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Server: sffe
                                                                                              X-XSS-Protection: 0
                                                                                              Date: Thu, 05 Sep 2024 16:42:31 GMT
                                                                                              Expires: Fri, 13 Sep 2024 16:42:31 GMT
                                                                                              Cache-Control: public, max-age=691200
                                                                                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                              Content-Type: image/x-icon
                                                                                              Vary: Accept-Encoding
                                                                                              Age: 9101
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              21 | 192.168.2.4 | 49790 | 20.114.59.183 | 443
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:17 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZuRVPvNL3f5eVwh&MD=XpFp+fT4 HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                              Host: slscr.update.microsoft.com
                                                                                              2024-09-05 19:14:17 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/octet-stream
                                                                                              Expires: -1
                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                              MS-CorrelationId: d8781e58-7a38-438d-89f6-890677283b80
                                                                                              MS-RequestId: 0edba76a-11c9-4edf-93ec-30ce637403e9
                                                                                              MS-CV: LSqS8d6rvkuFgGJh.0
                                                                                              X-Microsoft-SLSClientCache: 2880
                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Date: Thu, 05 Sep 2024 19:14:16 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 24490


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              22 | 192.168.2.4 | 49796 | 152.195.19.97 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:24 UTC | 622 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726168446&P2=404&P3=2&P4=a2E4IbLw%2f4AXhRNtSKVlFISGqZw%2fYX%2fwQfhCkBX%2fA0NPEByub%2bEfZxO0g7crcudrxvY8SwgpfmyOhmpWrhE07Q%3d%3d HTTP/1.1
                                                                                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                              Connection: keep-alive
                                                                                              MS-CV: XQaDYC7uyABZg538oeRDlH
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:14:25 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 5490196
                                                                                              Cache-Control: public, max-age=17280000
                                                                                              Content-Type: application/x-chrome-extension
                                                                                              Date: Thu, 05 Sep 2024 19:14:25 GMT
                                                                                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                              Server: ECAcc (nyd/D11E)
                                                                                              X-AspNet-Version: 4.0.30319
                                                                                              X-AspNetMvc-Version: 5.3
                                                                                              X-Cache: HIT
                                                                                              X-CCC: US
                                                                                              X-CID: 11
                                                                                              X-Powered-By: ASP.NET
                                                                                              X-Powered-By: ARR/3.0
                                                                                              X-Powered-By: ASP.NET
                                                                                              Content-Length: 11185
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              23 | 192.168.2.4 | 49797 | 172.64.41.3 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:26 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
                                                                                              2024-09-05 19:14:26 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 19:14:26 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be88ad23f4932dc-EWR
                                                                                              alt-svc: h3=":443"; ma=86400


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              24 | 192.168.2.4 | 49811 | 40.127.169.103 | 443
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:14:55 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZuRVPvNL3f5eVwh&MD=XpFp+fT4 HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                              Host: slscr.update.microsoft.com
                                                                                              2024-09-05 19:14:55 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/octet-stream
                                                                                              Expires: -1
                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                              MS-CorrelationId: 93f25614-7beb-4e0d-a279-afcd81414a67
                                                                                              MS-RequestId: 0442a132-255b-42c2-94a3-920a78b5c445
                                                                                              MS-CV: 5w7qt40Ui0u7kdJF.0
                                                                                              X-Microsoft-SLSClientCache: 1440
                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Date: Thu, 05 Sep 2024 19:14:55 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 30005


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              25 | 192.168.2.4 | 49813 | 23.200.0.9 | 443 | 1516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 19:15:06 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                                              Host: bzib.nelreports.net
                                                                                              Connection: keep-alive
                                                                                              Origin: https://business.bing.com
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: content-type
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 19:15:06 UTC | 378 | IN | HTTP/1.1 503 Service Unavailable
                                                                                              Content-Length: 326
                                                                                              Content-Type: text/html; charset=us-ascii
                                                                                              Date: Thu, 05 Sep 2024 19:15:06 GMT
                                                                                              Connection: close
                                                                                              PMUSER_FORMAT_QS:
                                                                                              X-CDN-TraceId: 0.09ac2d17.1725563706.3c03156
                                                                                              Access-Control-Allow-Credentials: false
                                                                                              Access-Control-Allow-Methods: *
                                                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                              Access-Control-Allow-Origin: *


                                                                                              Target ID:0
                                                                                              Start time:15:13:56
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                              Imagebase:0x8d0000
                                                                                              File size:917'504 bytes
                                                                                              MD5 hash:0CA13C099EE8094B069BC5731E460ADD
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:1
                                                                                              Start time:15:13:56
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:2
                                                                                              Start time:15:13:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:3
                                                                                              Start time:15:13:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:4
                                                                                              Start time:15:13:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:6
                                                                                              Start time:15:13:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2020,i,15309278543737732341,3283163508416092879,262144 /prefetch:3
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:7
                                                                                              Start time:15:13:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:8
                                                                                              Start time:15:13:59
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:3
                                                                                              Imagebase:0xba0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:10
                                                                                              Start time:15:14:02
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6284 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:11
                                                                                              Start time:15:14:02
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6268 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:12
                                                                                              Start time:15:14:03
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f32ec23-be7a-418b-8f61-b1a22111ea5c} 7672 "\\.\pipe\gecko-crash-server-pipe.7672" 206e7d71110 socket
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:15
                                                                                              Start time:15:14:04
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
                                                                                              Imagebase:0x7ff728800000
                                                                                              File size:1'255'976 bytes
                                                                                              MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:16
                                                                                              Start time:15:14:04
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
                                                                                              Imagebase:0x7ff728800000
                                                                                              File size:1'255'976 bytes
                                                                                              MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:17
                                                                                              Start time:15:14:06
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4376 -parentBuildID 20230927232528 -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {547c77f8-c020-4959-ad1e-5ce4ada21a4e} 7672 "\\.\pipe\gecko-crash-server-pipe.7672" 206fa375e10 rdd
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:false

                                                                                              Target ID:19
                                                                                              Start time:15:14:17
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:20
                                                                                              Start time:15:14:18
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2020,i,10532752672312417087,7872925476916405703,262144 /prefetch:3
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:23
                                                                                              Start time:15:14:25
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:24
                                                                                              Start time:15:14:26
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2064,i,7618307593773119134,16498521840548879801,262144 /prefetch:3
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:25
                                                                                              Start time:15:14:59
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=3620 --field-trial-handle=2684,i,9845600411347167149,3370953884405614858,262144 /prefetch:8
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:false

                                                                                                Execution Graph

                                                                                                Execution Coverage:1.8%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:4.8%
                                                                                                Total number of Nodes:1386
                                                                                                Total number of Limit Nodes:61
95ac5b 96387->96415 96388 8e171d 96388->96337 96389->96388 96418 8ece17 22 API calls messages 96389->96418 96394->96337 96395->96337 96396->96309 96397->96314 96398->96332 96399->96332 96400->96332 96401->96332 96402->96332 96403->96336 96404->96332 96437 8d7510 96405->96437 96409 95a315 96409->96387 96411 8d7510 53 API calls 96410->96411 96412 945c6d 96411->96412 96485 93dbbe lstrlenW 96412->96485 96414 945c77 96414->96387 96490 95ad64 96415->96490 96417 95ac6f 96417->96387 96418->96389 96419->96348 96421 8d9cc2 _wcslen 96420->96421 96422 8efe0b 22 API calls 96421->96422 96423 8d9cea __fread_nolock 96422->96423 96424 8efddb 22 API calls 96423->96424 96425 8d9d00 96424->96425 96425->96360 96426->96351 96427->96361 96428->96373 96429->96373 96430->96350 96431->96384 96432->96384 96433->96384 96434->96382 96435->96387 96436->96384 96438 8d7525 96437->96438 96455 8d7522 96437->96455 96439 8d752d 96438->96439 96440 8d755b 96438->96440 96470 8f51c6 26 API calls 96439->96470 96442 9150f6 96440->96442 96445 8d756d 96440->96445 96446 91500f 96440->96446 96473 8f5183 26 API calls 96442->96473 96443 8d753d 96450 8efddb 22 API calls 96443->96450 96471 8efb21 51 API calls 96445->96471 96451 915088 96446->96451 96454 8efe0b 22 API calls 96446->96454 96448 91510e 96448->96448 96452 8d7547 96450->96452 96472 8efb21 51 API calls 96451->96472 96453 8d9cb3 22 API calls 96452->96453 96453->96455 96457 915058 96454->96457 96460 93d4dc CreateToolhelp32Snapshot Process32FirstW 96455->96460 96456 8efddb 22 API calls 96458 91507f 96456->96458 96457->96456 96459 8d9cb3 22 API calls 96458->96459 96459->96451 96474 93def7 96460->96474 96462 93d5db FindCloseChangeNotification 96462->96409 96463 93d529 Process32NextW 96463->96462 96465 93d522 96463->96465 96464 8da961 22 API calls 96464->96465 96465->96462 96465->96463 96465->96464 96466 8d9cb3 22 API calls 96465->96466 96480 8d525f 22 API calls 96465->96480 96481 8d6350 22 API calls 96465->96481 96482 8ece60 41 API calls 96465->96482 
96466->96465 96470->96443 96471->96443 96472->96442 96473->96448 96475 93df02 96474->96475 96476 93df19 96475->96476 96479 93df1f 96475->96479 96483 8f63b2 GetStringTypeW _strftime 96475->96483 96484 8f62fb 39 API calls 96476->96484 96479->96465 96480->96465 96481->96465 96482->96465 96483->96475 96484->96479 96486 93dc06 96485->96486 96487 93dbdc GetFileAttributesW 96485->96487 96486->96414 96487->96486 96488 93dbe8 FindFirstFileW 96487->96488 96488->96486 96489 93dbf9 FindClose 96488->96489 96489->96486 96491 8da961 22 API calls 96490->96491 96493 95ad77 ___scrt_fastfail 96491->96493 96492 95adce 96494 95adee 96492->96494 96497 8d7510 53 API calls 96492->96497 96493->96492 96495 8d7510 53 API calls 96493->96495 96498 95ae3a 96494->96498 96500 8d7510 53 API calls 96494->96500 96496 95adab 96495->96496 96496->96492 96501 8d7510 53 API calls 96496->96501 96499 95ade4 96497->96499 96503 95ae4d ___scrt_fastfail 96498->96503 96521 8db567 39 API calls 96498->96521 96519 8d7620 22 API calls _wcslen 96499->96519 96509 95ae04 96500->96509 96504 95adc4 96501->96504 96507 8d7510 53 API calls 96503->96507 96518 8d7620 22 API calls _wcslen 96504->96518 96508 95ae85 ShellExecuteExW 96507->96508 96512 95aeb0 96508->96512 96509->96498 96510 8d7510 53 API calls 96509->96510 96511 95ae28 96510->96511 96511->96498 96520 8da8c7 22 API calls __fread_nolock 96511->96520 96514 95aec8 96512->96514 96515 95af35 GetProcessId 96512->96515 96514->96417 96516 95af48 96515->96516 96517 95af58 CloseHandle 96516->96517 96517->96514 96518->96492 96519->96494 96520->96498 96521->96503 96522 922a00 96532 8dd7b0 messages 96522->96532 96523 8dd9d5 96524 8ddb11 PeekMessageW 96524->96532 96525 8dd807 GetInputState 96525->96524 96525->96532 96526 921cbe TranslateAcceleratorW 96526->96532 96528 8ddb8f PeekMessageW 96528->96532 96529 8dda04 timeGetTime 96529->96532 96530 8ddb73 TranslateMessage DispatchMessageW 96530->96528 96531 8ddbaf Sleep 96534 8ddbc0 96531->96534 96532->96523 96532->96524 
96532->96525 96532->96526 96532->96528 96532->96529 96532->96530 96532->96531 96533 922b74 Sleep 96532->96533 96536 921dda timeGetTime 96532->96536 96550 8dec40 185 API calls 96532->96550 96551 8e1310 185 API calls 96532->96551 96552 8dbf40 185 API calls 96532->96552 96554 8ddd50 96532->96554 96561 8ddfd0 185 API calls 3 library calls 96532->96561 96562 8eedf6 IsDialogMessageW GetClassLongW 96532->96562 96564 943a2a 23 API calls 96532->96564 96565 94359c 82 API calls __wsopen_s 96532->96565 96533->96534 96534->96523 96534->96532 96535 8ee551 timeGetTime 96534->96535 96538 93d4dc 47 API calls 96534->96538 96539 922c0b GetExitCodeProcess 96534->96539 96542 922a31 96534->96542 96543 9629bf GetForegroundWindow 96534->96543 96545 922ca9 Sleep 96534->96545 96566 955658 23 API calls 96534->96566 96567 93e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96534->96567 96535->96534 96563 8ee300 23 API calls 96536->96563 96538->96534 96540 922c21 WaitForSingleObject 96539->96540 96541 922c37 CloseHandle 96539->96541 96540->96532 96540->96541 96541->96534 96542->96523 96543->96534 96545->96532 96550->96532 96551->96532 96552->96532 96555 8ddd6f 96554->96555 96556 8ddd83 96554->96556 96568 8dd260 96555->96568 96600 94359c 82 API calls __wsopen_s 96556->96600 96559 8ddd7a 96559->96532 96560 922f75 96560->96560 96561->96532 96562->96532 96563->96532 96564->96532 96565->96532 96566->96534 96567->96534 96569 8dec40 185 API calls 96568->96569 96589 8dd29d 96569->96589 96570 921bc4 96607 94359c 82 API calls __wsopen_s 96570->96607 96572 8dd30b messages 96572->96559 96573 8dd6d5 96573->96572 96584 8efe0b 22 API calls 96573->96584 96574 8dd3c3 96574->96573 96576 8dd3ce 96574->96576 96575 8dd5ff 96577 921bb5 96575->96577 96578 8dd614 96575->96578 96580 8efddb 22 API calls 96576->96580 96606 955705 23 API calls 96577->96606 96582 8efddb 22 API calls 96578->96582 96579 8dd4b8 96585 8efe0b 22 API calls 96579->96585 96587 8dd3d5 __fread_nolock 
96580->96587 96593 8dd46a 96582->96593 96583 8efddb 22 API calls 96583->96589 96584->96587 96595 8dd429 __fread_nolock messages 96585->96595 96586 8efddb 22 API calls 96588 8dd3f6 96586->96588 96587->96586 96587->96588 96588->96595 96601 8dbec0 185 API calls 96588->96601 96589->96570 96589->96572 96589->96573 96589->96574 96589->96579 96589->96583 96589->96595 96591 921ba4 96605 94359c 82 API calls __wsopen_s 96591->96605 96593->96559 96595->96575 96595->96591 96595->96593 96596 921b7f 96595->96596 96598 921b5d 96595->96598 96602 8d1f6f 185 API calls 96595->96602 96604 94359c 82 API calls __wsopen_s 96596->96604 96603 94359c 82 API calls __wsopen_s 96598->96603 96600->96560 96601->96595 96602->96595 96603->96593 96604->96593 96605->96593 96606->96570 96607->96572 96608 908402 96613 9081be 96608->96613 96612 90842a 96614 9081ef try_get_first_available_module 96613->96614 96621 908338 96614->96621 96628 8f8e0b 40 API calls 2 library calls 96614->96628 96616 9083ee 96632 9027ec 26 API calls pre_c_initialization 96616->96632 96618 908343 96618->96612 96625 910984 96618->96625 96620 90838c 96620->96621 96629 8f8e0b 40 API calls 2 library calls 96620->96629 96621->96618 96631 8ff2d9 20 API calls __dosmaperr 96621->96631 96623 9083ab 96623->96621 96630 8f8e0b 40 API calls 2 library calls 96623->96630 96633 910081 96625->96633 96627 91099f 96627->96612 96628->96620 96629->96623 96630->96621 96631->96616 96632->96618 96636 91008d CallCatchBlock 96633->96636 96634 91009b 96690 8ff2d9 20 API calls __dosmaperr 96634->96690 96636->96634 96638 9100d4 96636->96638 96637 9100a0 96691 9027ec 26 API calls pre_c_initialization 96637->96691 96644 91065b 96638->96644 96641 9100aa __fread_nolock 96641->96627 96645 910678 96644->96645 96646 9106a6 96645->96646 96647 91068d 96645->96647 96693 905221 96646->96693 96707 8ff2c6 20 API calls __dosmaperr 96647->96707 96650 9106ab 96651 9106b4 96650->96651 96652 9106cb 96650->96652 96709 8ff2c6 20 API calls __dosmaperr 96651->96709 96706 91039a 
CreateFileW 96652->96706 96656 910704 96658 910781 GetFileType 96656->96658 96660 910756 GetLastError 96656->96660 96711 91039a CreateFileW 96656->96711 96657 9106b9 96710 8ff2d9 20 API calls __dosmaperr 96657->96710 96661 9107d3 96658->96661 96662 91078c GetLastError 96658->96662 96712 8ff2a3 20 API calls 2 library calls 96660->96712 96715 90516a 21 API calls 3 library calls 96661->96715 96713 8ff2a3 20 API calls 2 library calls 96662->96713 96663 910692 96708 8ff2d9 20 API calls __dosmaperr 96663->96708 96667 91079a CloseHandle 96667->96663 96670 9107c3 96667->96670 96669 910749 96669->96658 96669->96660 96714 8ff2d9 20 API calls __dosmaperr 96670->96714 96671 9107f4 96673 910840 96671->96673 96716 9105ab 72 API calls 4 library calls 96671->96716 96678 91086d 96673->96678 96717 91014d 72 API calls 4 library calls 96673->96717 96674 9107c8 96674->96663 96677 910866 96677->96678 96679 91087e 96677->96679 96680 9086ae __wsopen_s 29 API calls 96678->96680 96681 9100f8 96679->96681 96682 9108fc CloseHandle 96679->96682 96680->96681 96692 910121 LeaveCriticalSection __wsopen_s 96681->96692 96718 91039a CreateFileW 96682->96718 96684 910927 96685 910931 GetLastError 96684->96685 96686 91095d 96684->96686 96719 8ff2a3 20 API calls 2 library calls 96685->96719 96686->96681 96688 91093d 96720 905333 21 API calls 3 library calls 96688->96720 96690->96637 96691->96641 96692->96641 96694 90522d CallCatchBlock 96693->96694 96721 902f5e EnterCriticalSection 96694->96721 96696 90527b 96722 90532a 96696->96722 96698 905259 96725 905000 96698->96725 96699 905234 96699->96696 96699->96698 96703 9052c7 EnterCriticalSection 96699->96703 96700 9052a4 __fread_nolock 96700->96650 96703->96696 96704 9052d4 LeaveCriticalSection 96703->96704 96704->96699 96706->96656 96707->96663 96708->96681 96709->96657 96710->96663 96711->96669 96712->96663 96713->96667 96714->96674 96715->96671 96716->96673 96717->96677 96718->96684 96719->96688 96720->96686 96721->96699 96733 902fa6 
LeaveCriticalSection 96722->96733 96724 905331 96724->96700 96726 904c7d __FrameHandler3::FrameUnwindToState 20 API calls 96725->96726 96731 905012 96726->96731 96727 90501f 96735 9029c8 20 API calls _free 96727->96735 96730 905071 96730->96696 96732 905147 EnterCriticalSection 96730->96732 96731->96727 96734 903405 11 API calls 2 library calls 96731->96734 96732->96696 96733->96724 96734->96731 96735->96730 96736 912402 96739 8d1410 96736->96739 96740 8d144f mciSendStringW 96739->96740 96741 9124b8 DestroyWindow 96739->96741 96742 8d146b 96740->96742 96743 8d16c6 96740->96743 96753 9124c4 96741->96753 96744 8d1479 96742->96744 96742->96753 96743->96742 96745 8d16d5 UnregisterHotKey 96743->96745 96772 8d182e 96744->96772 96745->96743 96747 912509 96754 91252d 96747->96754 96755 91251c FreeLibrary 96747->96755 96748 9124e2 FindClose 96748->96753 96749 9124d8 96749->96753 96778 8d6246 CloseHandle 96749->96778 96752 8d148e 96752->96754 96760 8d149c 96752->96760 96753->96747 96753->96748 96753->96749 96756 912541 VirtualFree 96754->96756 96763 8d1509 96754->96763 96755->96747 96756->96754 96757 8d14f8 OleUninitialize 96757->96763 96758 912589 96765 912598 messages 96758->96765 96779 9432eb 6 API calls messages 96758->96779 96759 8d1514 96762 8d1524 96759->96762 96760->96757 96776 8d1944 VirtualFreeEx CloseHandle 96762->96776 96763->96758 96763->96759 96768 912627 96765->96768 96780 9364d4 22 API calls messages 96765->96780 96767 8d153a 96767->96765 96769 8d161f 96767->96769 96768->96768 96769->96768 96777 8d1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96769->96777 96771 8d16c1 96773 8d183b 96772->96773 96774 8d1480 96773->96774 96781 93702a 22 API calls 96773->96781 96774->96747 96774->96752 96776->96767 96777->96771 96778->96749 96779->96758 96780->96765 96781->96773 96782 912ba5 96783 8d2b25 96782->96783 96784 912baf 96782->96784 96810 8d2b83 7 API calls 96783->96810 96828 8d3a5a 96784->96828 96788 912bb8 96790 8d9cb3 22 API calls 
96788->96790 96792 912bc6 96790->96792 96791 8d2b2f 96800 8d2b44 96791->96800 96814 8d3837 96791->96814 96793 912bf5 96792->96793 96794 912bce 96792->96794 96796 8d33c6 22 API calls 96793->96796 96835 8d33c6 96794->96835 96808 912bf1 GetForegroundWindow ShellExecuteW 96796->96808 96799 8d2b5f 96807 8d2b66 SetCurrentDirectoryW 96799->96807 96800->96799 96824 8d30f2 96800->96824 96804 912be7 96806 8d33c6 22 API calls 96804->96806 96805 912c26 96805->96799 96806->96808 96809 8d2b7a 96807->96809 96808->96805 96845 8d2cd4 7 API calls 96810->96845 96812 8d2b2a 96813 8d2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 96812->96813 96813->96791 96815 8d3862 ___scrt_fastfail 96814->96815 96846 8d4212 96815->96846 96818 8d38e8 96820 913386 Shell_NotifyIconW 96818->96820 96821 8d3906 Shell_NotifyIconW 96818->96821 96850 8d3923 96821->96850 96823 8d391c 96823->96800 96825 8d3154 96824->96825 96826 8d3104 ___scrt_fastfail 96824->96826 96825->96799 96827 8d3123 Shell_NotifyIconW 96826->96827 96827->96825 96829 911f50 __wsopen_s 96828->96829 96830 8d3a67 GetModuleFileNameW 96829->96830 96831 8d9cb3 22 API calls 96830->96831 96832 8d3a8d 96831->96832 96833 8d3aa2 23 API calls 96832->96833 96834 8d3a97 96833->96834 96834->96788 96836 8d33dd 96835->96836 96837 9130bb 96835->96837 96881 8d33ee 96836->96881 96838 8efddb 22 API calls 96837->96838 96840 9130c5 _wcslen 96838->96840 96842 8efe0b 22 API calls 96840->96842 96841 8d33e8 96844 8d6350 22 API calls 96841->96844 96843 9130fe __fread_nolock 96842->96843 96844->96804 96845->96812 96847 9135a4 96846->96847 96848 8d38b7 96846->96848 96847->96848 96849 9135ad DestroyIcon 96847->96849 96848->96818 96872 93c874 42 API calls _strftime 96848->96872 96849->96848 96851 8d393f 96850->96851 96852 8d3a13 96850->96852 96873 8d6270 96851->96873 96852->96823 96855 913393 LoadStringW 96858 9133ad 96855->96858 96856 8d395a 96857 8d6b57 22 API calls 96856->96857 96859 8d396f 96857->96859 96866 8d3994 ___scrt_fastfail 96858->96866 96879 
8da8c7 22 API calls __fread_nolock 96858->96879 96860 8d397c 96859->96860 96861 9133c9 96859->96861 96860->96858 96864 8d3986 96860->96864 96880 8d6350 22 API calls 96861->96880 96878 8d6350 22 API calls 96864->96878 96869 8d39f9 Shell_NotifyIconW 96866->96869 96867 9133d7 96867->96866 96868 8d33c6 22 API calls 96867->96868 96870 9133f9 96868->96870 96869->96852 96871 8d33c6 22 API calls 96870->96871 96871->96866 96872->96818 96874 8efe0b 22 API calls 96873->96874 96875 8d6295 96874->96875 96876 8efddb 22 API calls 96875->96876 96877 8d394d 96876->96877 96877->96855 96877->96856 96878->96866 96879->96866 96880->96867 96882 8d33fe _wcslen 96881->96882 96883 91311d 96882->96883 96884 8d3411 96882->96884 96886 8efddb 22 API calls 96883->96886 96891 8da587 96884->96891 96888 913127 96886->96888 96887 8d341e __fread_nolock 96887->96841 96889 8efe0b 22 API calls 96888->96889 96890 913157 __fread_nolock 96889->96890 96892 8da59d 96891->96892 96895 8da598 __fread_nolock 96891->96895 96893 91f80f 96892->96893 96894 8efe0b 22 API calls 96892->96894 96894->96895 96895->96887 96896 8f03fb 96897 8f0407 CallCatchBlock 96896->96897 96925 8efeb1 96897->96925 96899 8f040e 96900 8f0561 96899->96900 96903 8f0438 96899->96903 96955 8f083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96900->96955 96902 8f0568 96948 8f4e52 96902->96948 96914 8f0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96903->96914 96936 90247d 96903->96936 96910 8f0457 96912 8f04d8 96944 8f0959 96912->96944 96914->96912 96951 8f4e1a 38 API calls 3 library calls 96914->96951 96916 8f04de 96917 8f04f3 96916->96917 96952 8f0992 GetModuleHandleW 96917->96952 96919 8f04fa 96919->96902 96920 8f04fe 96919->96920 96921 8f0507 96920->96921 96953 8f4df5 28 API calls _abort 96920->96953 96954 8f0040 13 API calls 2 library calls 96921->96954 96924 8f050f 96924->96910 96926 8efeba 96925->96926 96957 8f0698 IsProcessorFeaturePresent 
96926->96957 96928 8efec6 96958 8f2c94 10 API calls 3 library calls 96928->96958 96930 8efecb 96935 8efecf 96930->96935 96959 902317 96930->96959 96933 8efee6 96933->96899 96935->96899 96939 902494 96936->96939 96937 8f0a8c _ValidateLocalCookies 5 API calls 96938 8f0451 96937->96938 96938->96910 96940 902421 96938->96940 96939->96937 96941 902450 96940->96941 96942 8f0a8c _ValidateLocalCookies 5 API calls 96941->96942 96943 902479 96942->96943 96943->96914 97010 8f2340 96944->97010 96947 8f097f 96947->96916 97012 8f4bcf 96948->97012 96951->96912 96952->96919 96953->96921 96954->96924 96955->96902 96957->96928 96958->96930 96963 90d1f6 96959->96963 96962 8f2cbd 8 API calls 3 library calls 96962->96935 96966 90d213 96963->96966 96967 90d20f 96963->96967 96965 8efed8 96965->96933 96965->96962 96966->96967 96969 904bfb 96966->96969 96981 8f0a8c 96967->96981 96970 904c07 CallCatchBlock 96969->96970 96988 902f5e EnterCriticalSection 96970->96988 96972 904c0e 96989 9050af 96972->96989 96974 904c1d 96975 904c2c 96974->96975 97002 904a8f 29 API calls 96974->97002 97004 904c48 LeaveCriticalSection _abort 96975->97004 96978 904c27 97003 904b45 GetStdHandle GetFileType 96978->97003 96979 904c3d __fread_nolock 96979->96966 96982 8f0a97 IsProcessorFeaturePresent 96981->96982 96983 8f0a95 96981->96983 96985 8f0c5d 96982->96985 96983->96965 97009 8f0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96985->97009 96987 8f0d40 96987->96965 96988->96972 96990 9050bb CallCatchBlock 96989->96990 96991 9050c8 96990->96991 96992 9050df 96990->96992 97006 8ff2d9 20 API calls __dosmaperr 96991->97006 97005 902f5e EnterCriticalSection 96992->97005 96995 9050cd 97007 9027ec 26 API calls pre_c_initialization 96995->97007 96997 9050d7 __fread_nolock 96997->96974 96998 905117 97008 90513e LeaveCriticalSection _abort 96998->97008 97000 9050eb 97000->96998 97001 905000 __wsopen_s 21 API calls 97000->97001 97001->97000 97002->96978 97003->96975 97004->96979 
97005->97000 97006->96995 97007->96997 97008->96997 97009->96987 97011 8f096c GetStartupInfoW 97010->97011 97011->96947 97013 8f4bdb __FrameHandler3::FrameUnwindToState 97012->97013 97014 8f4bf4 97013->97014 97015 8f4be2 97013->97015 97036 902f5e EnterCriticalSection 97014->97036 97051 8f4d29 GetModuleHandleW 97015->97051 97018 8f4be7 97018->97014 97052 8f4d6d GetModuleHandleExW 97018->97052 97019 8f4c99 97040 8f4cd9 97019->97040 97023 8f4c70 97027 8f4c88 97023->97027 97031 902421 _abort 5 API calls 97023->97031 97025 8f4cb6 97043 8f4ce8 97025->97043 97026 8f4ce2 97060 911d29 5 API calls _ValidateLocalCookies 97026->97060 97032 902421 _abort 5 API calls 97027->97032 97031->97027 97032->97019 97033 8f4bfb 97033->97019 97033->97023 97037 9021a8 97033->97037 97036->97033 97061 901ee1 97037->97061 97081 902fa6 LeaveCriticalSection 97040->97081 97042 8f4cb2 97042->97025 97042->97026 97082 90360c 97043->97082 97046 8f4d16 97049 8f4d6d _abort 8 API calls 97046->97049 97047 8f4cf6 GetPEB 97047->97046 97048 8f4d06 GetCurrentProcess TerminateProcess 97047->97048 97048->97046 97050 8f4d1e ExitProcess 97049->97050 97051->97018 97053 8f4dba 97052->97053 97054 8f4d97 GetProcAddress 97052->97054 97056 8f4dc9 97053->97056 97057 8f4dc0 FreeLibrary 97053->97057 97055 8f4dac 97054->97055 97055->97053 97058 8f0a8c _ValidateLocalCookies 5 API calls 97056->97058 97057->97056 97059 8f4bf3 97058->97059 97059->97014 97064 901e90 97061->97064 97063 901f05 97063->97023 97065 901e9c CallCatchBlock 97064->97065 97072 902f5e EnterCriticalSection 97065->97072 97067 901eaa 97073 901f31 97067->97073 97071 901ec8 __fread_nolock 97071->97063 97072->97067 97076 901f51 97073->97076 97078 901f59 97073->97078 97074 8f0a8c _ValidateLocalCookies 5 API calls 97075 901eb7 97074->97075 97079 901ed5 LeaveCriticalSection _abort 97075->97079 97076->97074 97078->97076 97080 9029c8 20 API calls _free 97078->97080 97079->97071 97080->97076 97081->97042 97083 903631 97082->97083 97084 903627 97082->97084 97089 
902fd7 5 API calls 2 library calls 97083->97089 97086 8f0a8c _ValidateLocalCookies 5 API calls 97084->97086 97087 8f4cf2 97086->97087 97087->97046 97087->97047 97088 903648 97088->97084 97089->97088 97090 8d1098 97095 8d42de 97090->97095 97094 8d10a7 97096 8da961 22 API calls 97095->97096 97097 8d42f5 GetVersionExW 97096->97097 97098 8d6b57 22 API calls 97097->97098 97099 8d4342 97098->97099 97100 8d93b2 22 API calls 97099->97100 97102 8d4378 97099->97102 97101 8d436c 97100->97101 97104 8d37a0 22 API calls 97101->97104 97103 8d441b GetCurrentProcess IsWow64Process 97102->97103 97108 9137df 97102->97108 97105 8d4437 97103->97105 97104->97102 97106 8d444f LoadLibraryA 97105->97106 97107 913824 GetSystemInfo 97105->97107 97109 8d449c GetSystemInfo 97106->97109 97110 8d4460 GetProcAddress 97106->97110 97111 8d4476 97109->97111 97110->97109 97112 8d4470 GetNativeSystemInfo 97110->97112 97113 8d447a FreeLibrary 97111->97113 97114 8d109d 97111->97114 97112->97111 97113->97114 97115 8f00a3 29 API calls __onexit 97114->97115 97115->97094 97116 8d105b 97121 8d344d 97116->97121 97118 8d106a 97152 8f00a3 29 API calls __onexit 97118->97152 97120 8d1074 97122 8d345d __wsopen_s 97121->97122 97123 8da961 22 API calls 97122->97123 97124 8d3513 97123->97124 97125 8d3a5a 24 API calls 97124->97125 97126 8d351c 97125->97126 97153 8d3357 97126->97153 97129 8d33c6 22 API calls 97130 8d3535 97129->97130 97131 8d515f 22 API calls 97130->97131 97132 8d3544 97131->97132 97133 8da961 22 API calls 97132->97133 97134 8d354d 97133->97134 97135 8da6c3 22 API calls 97134->97135 97136 8d3556 RegOpenKeyExW 97135->97136 97137 913176 RegQueryValueExW 97136->97137 97141 8d3578 97136->97141 97138 913193 97137->97138 97139 91320c RegCloseKey 97137->97139 97140 8efe0b 22 API calls 97138->97140 97139->97141 97151 91321e _wcslen 97139->97151 97142 9131ac 97140->97142 97141->97118 97143 8d5722 22 API calls 97142->97143 97144 9131b7 RegQueryValueExW 97143->97144 97146 9131d4 97144->97146 97148 9131ee messages 
97144->97148 97145 8d4c6d 22 API calls 97145->97151 97147 8d6b57 22 API calls 97146->97147 97147->97148 97148->97139 97149 8d9cb3 22 API calls 97149->97151 97150 8d515f 22 API calls 97150->97151 97151->97141 97151->97145 97151->97149 97151->97150 97152->97120 97154 911f50 __wsopen_s 97153->97154 97155 8d3364 GetFullPathNameW 97154->97155 97156 8d3386 97155->97156 97157 8d6b57 22 API calls 97156->97157 97158 8d33a4 97157->97158 97158->97129 97159 8d2e37 97160 8da961 22 API calls 97159->97160 97161 8d2e4d 97160->97161 97238 8d4ae3 97161->97238 97163 8d2e6b 97164 8d3a5a 24 API calls 97163->97164 97165 8d2e7f 97164->97165 97166 8d9cb3 22 API calls 97165->97166 97167 8d2e8c 97166->97167 97168 8d4ecb 94 API calls 97167->97168 97169 8d2ea5 97168->97169 97170 8d2ead 97169->97170 97171 912cb0 97169->97171 97252 8da8c7 22 API calls __fread_nolock 97170->97252 97172 942cf9 80 API calls 97171->97172 97173 912cc3 97172->97173 97175 912ccf 97173->97175 97177 8d4f39 68 API calls 97173->97177 97179 8d4f39 68 API calls 97175->97179 97176 8d2ec3 97253 8d6f88 22 API calls 97176->97253 97177->97175 97181 912ce5 97179->97181 97180 8d2ecf 97182 8d9cb3 22 API calls 97180->97182 97270 8d3084 22 API calls 97181->97270 97183 8d2edc 97182->97183 97254 8da81b 41 API calls 97183->97254 97186 8d2eec 97188 8d9cb3 22 API calls 97186->97188 97187 912d02 97271 8d3084 22 API calls 97187->97271 97190 8d2f12 97188->97190 97255 8da81b 41 API calls 97190->97255 97192 912d1e 97193 8d3a5a 24 API calls 97192->97193 97195 912d44 97193->97195 97194 8d2f21 97198 8da961 22 API calls 97194->97198 97272 8d3084 22 API calls 97195->97272 97197 912d50 97273 8da8c7 22 API calls __fread_nolock 97197->97273 97200 8d2f3f 97198->97200 97256 8d3084 22 API calls 97200->97256 97201 912d5e 97274 8d3084 22 API calls 97201->97274 97204 8d2f4b 97257 8f4a28 40 API calls 3 library calls 97204->97257 97205 912d6d 97275 8da8c7 22 API calls __fread_nolock 97205->97275 97207 8d2f59 97207->97181 97208 8d2f63 97207->97208 97258 8f4a28 
40 API calls 3 library calls 97208->97258 97211 912d83 97276 8d3084 22 API calls 97211->97276 97212 8d2f6e 97212->97187 97214 8d2f78 97212->97214 97259 8f4a28 40 API calls 3 library calls 97214->97259 97216 912d90 97217 8d2f83 97217->97192 97218 8d2f8d 97217->97218 97260 8f4a28 40 API calls 3 library calls 97218->97260 97220 8d2f98 97221 8d2fdc 97220->97221 97261 8d3084 22 API calls 97220->97261 97221->97205 97222 8d2fe8 97221->97222 97222->97216 97264 8d63eb 22 API calls 97222->97264 97225 8d2fbf 97262 8da8c7 22 API calls __fread_nolock 97225->97262 97226 8d2ff8 97265 8d6a50 22 API calls 97226->97265 97229 8d2fcd 97263 8d3084 22 API calls 97229->97263 97230 8d3006 97266 8d70b0 23 API calls 97230->97266 97235 8d3021 97236 8d3065 97235->97236 97267 8d6f88 22 API calls 97235->97267 97268 8d70b0 23 API calls 97235->97268 97269 8d3084 22 API calls 97235->97269 97239 8d4af0 __wsopen_s 97238->97239 97240 8d6b57 22 API calls 97239->97240 97241 8d4b22 97239->97241 97240->97241 97244 8d4b58 97241->97244 97277 8d4c6d 97241->97277 97243 8d4c29 97245 8d9cb3 22 API calls 97243->97245 97248 8d4c5e 97243->97248 97244->97243 97246 8d9cb3 22 API calls 97244->97246 97249 8d4c6d 22 API calls 97244->97249 97251 8d515f 22 API calls 97244->97251 97247 8d4c52 97245->97247 97246->97244 97250 8d515f 22 API calls 97247->97250 97248->97163 97249->97244 97250->97248 97251->97244 97252->97176 97253->97180 97254->97186 97255->97194 97256->97204 97257->97207 97258->97212 97259->97217 97260->97220 97261->97225 97262->97229 97263->97221 97264->97226 97265->97230 97266->97235 97267->97235 97268->97235 97269->97235 97270->97187 97271->97192 97272->97197 97273->97201 97274->97205 97275->97211 97276->97216 97278 8daec9 22 API calls 97277->97278 97279 8d4c78 97278->97279 97279->97241 97280 8d3156 97283 8d3170 97280->97283 97284 8d3187 97283->97284 97285 8d318c 97284->97285 97286 8d31eb 97284->97286 97323 8d31e9 97284->97323 97290 8d3199 97285->97290 97291 8d3265 PostQuitMessage 97285->97291 97288 
912dfb 97286->97288 97289 8d31f1 97286->97289 97287 8d31d0 DefWindowProcW 97325 8d316a 97287->97325 97331 8d18e2 10 API calls 97288->97331 97292 8d321d SetTimer RegisterWindowMessageW 97289->97292 97293 8d31f8 97289->97293 97295 8d31a4 97290->97295 97296 912e7c 97290->97296 97291->97325 97300 8d3246 CreatePopupMenu 97292->97300 97292->97325 97297 8d3201 KillTimer 97293->97297 97298 912d9c 97293->97298 97301 8d31ae 97295->97301 97302 912e68 97295->97302 97335 93bf30 34 API calls ___scrt_fastfail 97296->97335 97307 8d30f2 Shell_NotifyIconW 97297->97307 97305 912da1 97298->97305 97306 912dd7 MoveWindow 97298->97306 97299 912e1c 97332 8ee499 42 API calls 97299->97332 97300->97325 97310 8d31b9 97301->97310 97311 912e4d 97301->97311 97334 93c161 27 API calls ___scrt_fastfail 97302->97334 97304 912e8e 97304->97287 97304->97325 97314 912da7 97305->97314 97315 912dc6 SetFocus 97305->97315 97306->97325 97316 8d3214 97307->97316 97312 8d31c4 97310->97312 97313 8d3253 97310->97313 97311->97287 97333 930ad7 22 API calls 97311->97333 97312->97287 97324 8d30f2 Shell_NotifyIconW 97312->97324 97329 8d326f 44 API calls ___scrt_fastfail 97313->97329 97314->97312 97319 912db0 97314->97319 97315->97325 97328 8d3c50 DeleteObject DestroyWindow 97316->97328 97317 8d3263 97317->97325 97330 8d18e2 10 API calls 97319->97330 97323->97287 97326 912e41 97324->97326 97327 8d3837 49 API calls 97326->97327 97327->97323 97328->97325 97329->97317 97330->97325 97331->97299 97332->97312 97333->97323 97334->97317 97335->97304 97336 8d1033 97341 8d4c91 97336->97341 97340 8d1042 97342 8da961 22 API calls 97341->97342 97343 8d4cff 97342->97343 97350 8d3af0 97343->97350 97345 913cb6 97347 8d4d9c 97347->97345 97348 8d1038 97347->97348 97353 8d51f7 22 API calls __fread_nolock 97347->97353 97349 8f00a3 29 API calls __onexit 97348->97349 97349->97340 97354 8d3b1c 97350->97354 97353->97347 97355 8d3b0f 97354->97355 97356 8d3b29 97354->97356 97355->97347 97356->97355 97357 8d3b30 RegOpenKeyExW 97356->97357 
97357->97355 97358 8d3b4a RegQueryValueExW 97357->97358 97359 8d3b6b 97358->97359 97360 8d3b80 RegCloseKey 97358->97360 97359->97360 97360->97355

                                                                                                APIs
                                                                                                • GetVersionExW.KERNEL32(?), ref: 008D430D
                                                                                                  • Part of subcall function 008D6B57: _wcslen.LIBCMT ref: 008D6B6A
                                                                                                • GetCurrentProcess.KERNEL32(?,0096CB64,00000000,?,?), ref: 008D4422
                                                                                                • IsWow64Process.KERNEL32(00000000,?,?), ref: 008D4429
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 008D4454
                                                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 008D4466
                                                                                                • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 008D4474
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 008D447B
                                                                                                • GetSystemInfo.KERNEL32(?,?,?), ref: 008D44A0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                • API String ID: 3290436268-3101561225
                                                                                                • Opcode ID: 64c9ebf4c71618faefa4465e0028876133a38f852953e2a6ce5a2e1146f9e378
                                                                                                • Instruction ID: a8b8c5ec475c8d7d5011142bf4cfd5e74b8fdcdee39ea478ca9d9fac00ac2b40
                                                                                                • Opcode Fuzzy Hash: 64c9ebf4c71618faefa4465e0028876133a38f852953e2a6ce5a2e1146f9e378
                                                                                                • Instruction Fuzzy Hash: 0CA1F36192E2C4DFCF11CF697C411E83FA9BF23344F08999AE08193B21DE304588EBA5

                                                                                                APIs
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,008D50AA,?,?,00000000,00000000), ref: 008D42B2
                                                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008D50AA,?,?,00000000,00000000), ref: 008D42C9
                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,008D50AA,?,?,00000000,00000000,?,?,?,?,?,?,008D4F20), ref: 009135BE
                                                                                                • SizeofResource.KERNEL32(?,00000000,?,?,008D50AA,?,?,00000000,00000000,?,?,?,?,?,?,008D4F20), ref: 009135D3
                                                                                                • LockResource.KERNEL32(008D50AA,?,?,008D50AA,?,?,00000000,00000000,?,?,?,?,?,?,008D4F20,?), ref: 009135E6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                • String ID: SCRIPT
                                                                                                • API String ID: 3051347437-3967369404
                                                                                                • Opcode ID: 939cd59e68874e40a4f950b75e19d24c4a9dd0328e4d90787d00f0387a133be4
                                                                                                • Instruction ID: 4d19b1c1edd8295000cf4e4864495b9814edb47fcbd236e7015e630494fb9545
                                                                                                • Opcode Fuzzy Hash: 939cd59e68874e40a4f950b75e19d24c4a9dd0328e4d90787d00f0387a133be4
                                                                                                • Instruction Fuzzy Hash: CD117CB0200701BFE7218B65DC48F677BBAEBC5B51F10826EF856D6250DBB2D8009660

                                                                                                APIs
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 008D2B6B
                                                                                                  • Part of subcall function 008D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,009A1418,?,008D2E7F,?,?,?,00000000), ref: 008D3A78
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,00992224), ref: 00912C10
                                                                                                • ShellExecuteW.SHELL32(00000000,?,?,00992224), ref: 00912C17
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                • String ID: runas
                                                                                                • API String ID: 448630720-4000483414
                                                                                                • Opcode ID: f1302013f3a54634f8188a89e98b88d73868afe7709b9adf4a94e8bb6914a33f
                                                                                                • Instruction ID: a92cce5048da660babd6226e14a3f88ecc9035daa80abdb78047fc28ed6304ac
                                                                                                • Opcode Fuzzy Hash: f1302013f3a54634f8188a89e98b88d73868afe7709b9adf4a94e8bb6914a33f
                                                                                                • Instruction Fuzzy Hash: 42119331608345AAC718FF6CE8519BE77A4FBA5754F44062FF082923A2CF6189499753

                                                                                                APIs
                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0093D501
                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0093D50F
                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 0093D52F
                                                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0093D5DC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                                                • String ID:
                                                                                                • API String ID: 3243318325-0
                                                                                                • Opcode ID: bde2aa97a01fa860040929a6419f56fde0b68d776f8921b1071a16d84352ddad
                                                                                                • Instruction ID: 9b69b6b2171c267590eca777188d96252000b12e977375484c2a014f6247f381
                                                                                                • Opcode Fuzzy Hash: bde2aa97a01fa860040929a6419f56fde0b68d776f8921b1071a16d84352ddad
                                                                                                • Instruction Fuzzy Hash: 9031AF711083009FD304EF54D891AAFBBE8FF99354F14092EF591C22A1EB71AA48CB93

                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(?,00915222), ref: 0093DBCE
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 0093DBDD
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0093DBEE
                                                                                                • FindClose.KERNEL32(00000000), ref: 0093DBFA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                • String ID:
                                                                                                • API String ID: 2695905019-0
                                                                                                • Opcode ID: 10c3ceaf4210e7a3de3d838c27418c93e8725cf3777607983a4a74528e42403a
                                                                                                • Instruction ID: 9834dee1a02e663fb45bf6ea50fcb91ec68b7e38fd21dc4fcba405a293639f68
                                                                                                • Opcode Fuzzy Hash: 10c3ceaf4210e7a3de3d838c27418c93e8725cf3777607983a4a74528e42403a
                                                                                                • Instruction Fuzzy Hash: B9F0A0B08399105782206B78AC1D8BA776C9E02374F10470AF8B6C20E0EBF0D9549AD5
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(009028E9,?,008F4CBE,009028E9,009988B8,0000000C,008F4E15,009028E9,00000002,00000000,?,009028E9), ref: 008F4D09
                                                                                                • TerminateProcess.KERNEL32(00000000,?,008F4CBE,009028E9,009988B8,0000000C,008F4E15,009028E9,00000002,00000000,?,009028E9), ref: 008F4D10
                                                                                                • ExitProcess.KERNEL32 ref: 008F4D22
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                • String ID:
                                                                                                • API String ID: 1703294689-0
                                                                                                • Opcode ID: b6f76dcc3fc800fca9fc949152edcf47f765a3e2ee40a0e0bb0e07fd542fd572
                                                                                                • Instruction ID: 9452dedbb4ce4db278b649032b3b398c7d9ebec620da0cdf8fe4de9c4384fa2f
                                                                                                • Opcode Fuzzy Hash: b6f76dcc3fc800fca9fc949152edcf47f765a3e2ee40a0e0bb0e07fd542fd572
                                                                                                • Instruction Fuzzy Hash: F1E0B671014148AFDF11BF64DE0AE6A3F69FB85781B108019FD55CA222DB75DD42DB80
                                                                                                APIs
                                                                                                • GetInputState.USER32 ref: 008DD807
                                                                                                • timeGetTime.WINMM ref: 008DDA07
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008DDB28
                                                                                                • TranslateMessage.USER32(?), ref: 008DDB7B
                                                                                                • DispatchMessageW.USER32(?), ref: 008DDB89
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008DDB9F
                                                                                                • Sleep.KERNEL32(0000000A), ref: 008DDBB1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                • String ID:
                                                                                                • API String ID: 2189390790-0
                                                                                                • Opcode ID: 1ca1c8d0938ef7f193f573c65c161e6a4b833146a10cd0e599574fd8440d37bf
                                                                                                • Instruction ID: 7c640fc57ac962e957e47145a0ff39c27d26aa0dff18c1ef9d4730b939538e71
                                                                                                • Opcode Fuzzy Hash: 1ca1c8d0938ef7f193f573c65c161e6a4b833146a10cd0e599574fd8440d37bf
                                                                                                • Instruction Fuzzy Hash: C142DD70608351AFD728DF28D894BAABBE4FF86314F14861AF895C7391D771E844DB82

                                                                                                APIs
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 008D2D07
                                                                                                • RegisterClassExW.USER32(00000030), ref: 008D2D31
                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008D2D42
                                                                                                • InitCommonControlsEx.COMCTL32(?), ref: 008D2D5F
                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008D2D6F
                                                                                                • LoadIconW.USER32(000000A9), ref: 008D2D85
                                                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008D2D94
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                • API String ID: 2914291525-1005189915

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 0091039A: CreateFileW.KERNEL32(00000000,00000000,?,00910704,?,?,00000000,?,00910704,00000000,0000000C), ref: 009103B7
                                                                                                • GetLastError.KERNEL32 ref: 0091076F
                                                                                                • __dosmaperr.LIBCMT ref: 00910776
                                                                                                • GetFileType.KERNEL32(00000000), ref: 00910782
                                                                                                • GetLastError.KERNEL32 ref: 0091078C
                                                                                                • __dosmaperr.LIBCMT ref: 00910795
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009107B5
                                                                                                • CloseHandle.KERNEL32(?), ref: 009108FF
                                                                                                • GetLastError.KERNEL32 ref: 00910931
                                                                                                • __dosmaperr.LIBCMT ref: 00910938
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                • String ID: H
                                                                                                • API String ID: 4237864984-2852464175

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 008D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,009A1418,?,008D2E7F,?,?,?,00000000), ref: 008D3A78
                                                                                                  • Part of subcall function 008D3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 008D3379
                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 008D356A
                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0091318D
                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 009131CE
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00913210
                                                                                                • _wcslen.LIBCMT ref: 00913277
                                                                                                • _wcslen.LIBCMT ref: 00913286
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                • API String ID: 98802146-2727554177

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 008D2B8E
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 008D2B9D
                                                                                                • LoadIconW.USER32(00000063), ref: 008D2BB3
                                                                                                • LoadIconW.USER32(000000A4), ref: 008D2BC5
                                                                                                • LoadIconW.USER32(000000A2), ref: 008D2BD7
                                                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 008D2BEF
                                                                                                • RegisterClassExW.USER32(?), ref: 008D2C40
                                                                                                  • Part of subcall function 008D2CD4: GetSysColorBrush.USER32(0000000F), ref: 008D2D07
                                                                                                  • Part of subcall function 008D2CD4: RegisterClassExW.USER32(00000030), ref: 008D2D31
                                                                                                  • Part of subcall function 008D2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008D2D42
                                                                                                  • Part of subcall function 008D2CD4: InitCommonControlsEx.COMCTL32(?), ref: 008D2D5F
                                                                                                  • Part of subcall function 008D2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008D2D6F
                                                                                                  • Part of subcall function 008D2CD4: LoadIconW.USER32(000000A9), ref: 008D2D85
                                                                                                  • Part of subcall function 008D2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008D2D94
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                • String ID: #$0$AutoIt v3
                                                                                                • API String ID: 423443420-4155596026

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,008D316A,?,?), ref: 008D31D8
                                                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,008D316A,?,?), ref: 008D3204
                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008D3227
                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,008D316A,?,?), ref: 008D3232
                                                                                                • CreatePopupMenu.USER32 ref: 008D3246
                                                                                                • PostQuitMessage.USER32(00000000), ref: 008D3267
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                • String ID: TaskbarCreated
                                                                                                • API String ID: 129472671-2362178303

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 008D1459
                                                                                                • OleUninitialize.OLE32(?,00000000), ref: 008D14F8
                                                                                                • UnregisterHotKey.USER32(?), ref: 008D16DD
                                                                                                • DestroyWindow.USER32(?), ref: 009124B9
                                                                                                • FreeLibrary.KERNEL32(?), ref: 0091251E
                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0091254B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                • String ID: close all
                                                                                                • API String ID: 469580280-3243417748

                                                                                                Control-flow Graph 648 (8d2c63-8d2cd3): CreateWindowExW * 2, ShowWindow * 2
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 008D2C91
                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 008D2CB2
                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,008D1CAD,?), ref: 008D2CC6
                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,008D1CAD,?), ref: 008D2CCF
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$CreateShow
                                                                                                • String ID: AutoIt v3$edit
                                                                                                • API String ID: 1584632944-3779509399

                                                                                                Control-flow Graph 763 (entry block 95ad64-95ad9c): ShellExecuteExW, GetProcessId, CloseHandle
                                                                                                APIs
                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 0095AEA3
                                                                                                  • Part of subcall function 008D7620: _wcslen.LIBCMT ref: 008D7625
                                                                                                • GetProcessId.KERNEL32(00000000), ref: 0095AF38
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0095AF67
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                • String ID: <$@
                                                                                                • API String ID: 146682121-1426351568

                                                                                                Control-flow Graph 868 (entry block 8d3b1c-8d3b27): RegOpenKeyExW, RegQueryValueExW, RegCloseKey
                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,008D3B0F,SwapMouseButtons,00000004,?), ref: 008D3B40
                                                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,008D3B0F,SwapMouseButtons,00000004,?), ref: 008D3B61
                                                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,008D3B0F,SwapMouseButtons,00000004,?), ref: 008D3B83
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID: Control Panel\Mouse
                                                                                                • API String ID: 3677997916-824357125
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 009133A2
                                                                                                  • Part of subcall function 008D6B57: _wcslen.LIBCMT ref: 008D6B6A
                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 008D3A04
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                • String ID: Line:
                                                                                                • API String ID: 2289894680-1585850449
                                                                                                APIs
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 008F0668
                                                                                                  • Part of subcall function 008F32A4: RaiseException.KERNEL32(?,?,?,008F068A,?,009A1444,?,?,?,?,?,?,008F068A,008D1129,00998738,008D1129), ref: 008F3304
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 008F0685
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                • String ID: Unknown exception
                                                                                                • API String ID: 3476068407-410509341
                                                                                                APIs
                                                                                                  • Part of subcall function 008D1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 008D1BF4
                                                                                                  • Part of subcall function 008D1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 008D1BFC
                                                                                                  • Part of subcall function 008D1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 008D1C07
                                                                                                  • Part of subcall function 008D1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 008D1C12
                                                                                                  • Part of subcall function 008D1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 008D1C1A
                                                                                                  • Part of subcall function 008D1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 008D1C22
                                                                                                  • Part of subcall function 008D1B4A: RegisterWindowMessageW.USER32(00000004,?,008D12C4), ref: 008D1BA2
                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 008D136A
                                                                                                • OleInitialize.OLE32 ref: 008D1388
                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 009124AB
                                                                                                Similarity
                                                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1986988660-0
                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,009085CC,?,00998CC8,0000000C), ref: 00908704
                                                                                                • GetLastError.KERNEL32(?,009085CC,?,00998CC8,0000000C), ref: 0090870E
                                                                                                • __dosmaperr.LIBCMT ref: 00908739
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                • String ID:
                                                                                                • API String ID: 490808831-0
                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 008E17F6
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Init_thread_footer
                                                                                                • String ID: CALL
                                                                                                • API String ID: 1385522511-4196123274
                                                                                                • Opcode ID: 26252cf40b33876a287ab8c608e24a87e9e15ad834090404d9e2145a9b214f2b
                                                                                                • Instruction ID: 6ba1d6169666ef3b362d542021e7a2598bb3d205b7374bac343f832df4de82d5
                                                                                                • Opcode Fuzzy Hash: 26252cf40b33876a287ab8c608e24a87e9e15ad834090404d9e2145a9b214f2b
                                                                                                • Instruction Fuzzy Hash: 6B228B706082819FCB14DF19C884A2ABBF1FF86314F14896DF496CB7A2D771E945CB92
                                                                                                APIs
                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00912C8C
                                                                                                  • Part of subcall function 008D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008D3A97,?,?,008D2E7F,?,?,?,00000000), ref: 008D3AC2
                                                                                                  • Part of subcall function 008D2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 008D2DC4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                • String ID: X
                                                                                                • API String ID: 779396738-3081909835
                                                                                                • Opcode ID: d5fbd7b26c99f6323855e142bfae715d62d0454cdabba4d4f14284ae5f49c85a
                                                                                                • Instruction ID: 7f18f811a2cac9fde0c2d09e0fcc5930d1fec823dc1c3399ea11497ebda5066c
                                                                                                • Opcode Fuzzy Hash: d5fbd7b26c99f6323855e142bfae715d62d0454cdabba4d4f14284ae5f49c85a
                                                                                                • Instruction Fuzzy Hash: 9A218171A1025C9BCF41AF98C845BEE7BF8EF49314F00405AE545E7341DBB45A898BA2
                                                                                                APIs
                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 008D3908
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_
                                                                                                • String ID:
                                                                                                • API String ID: 1144537725-0
                                                                                                • Opcode ID: db961cded80cf72239cb8e09da5010130ea44672c15374ba77c456707f47f68f
                                                                                                • Instruction ID: 64d231869eba707e801598b30dcec65a085ddec00dde164f04bddd8f5ba037f4
                                                                                                • Opcode Fuzzy Hash: db961cded80cf72239cb8e09da5010130ea44672c15374ba77c456707f47f68f
                                                                                                • Instruction Fuzzy Hash: AF314FB06087019FD721DF24D885797BBE8FB49718F000A2EF599D7350EBB1AA44DB92
                                                                                                APIs
                                                                                                  • Part of subcall function 008D4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008D4EDD,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4E9C
                                                                                                  • Part of subcall function 008D4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008D4EAE
                                                                                                  • Part of subcall function 008D4E90: FreeLibrary.KERNEL32(00000000,?,?,008D4EDD,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4EC0
                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4EFD
                                                                                                  • Part of subcall function 008D4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00913CDE,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4E62
                                                                                                  • Part of subcall function 008D4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008D4E74
                                                                                                  • Part of subcall function 008D4E59: FreeLibrary.KERNEL32(00000000,?,?,00913CDE,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4E87
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                                • String ID:
                                                                                                • API String ID: 2632591731-0
                                                                                                • Opcode ID: 074f4cfb11a7b4079412e1cbe04926628d37def4e7470bb131d3c11df0841767
                                                                                                • Instruction ID: 80471a4d540ef9c704cd2dd9d2ed5f09364992e1d1f6d4aceb04a831c9e6e425
                                                                                                • Opcode Fuzzy Hash: 074f4cfb11a7b4079412e1cbe04926628d37def4e7470bb131d3c11df0841767
                                                                                                • Instruction Fuzzy Hash: 9111E332610209ABCF14AF78DC06FAD77A5FF40720F10852FF592E62E1EE709A459791
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: __wsopen_s
                                                                                                • String ID:
                                                                                                • API String ID: 3347428461-0
                                                                                                • Opcode ID: 3293f3312e5cbd716db0704bad1df3d01082a54d7ff04b64af2a0e6b3af76375
                                                                                                • Instruction ID: 502eda9ad408d7d2795ac7edf31cc2604e215e1cc2b1a9b11061bb6bfb66c94d
                                                                                                • Opcode Fuzzy Hash: 3293f3312e5cbd716db0704bad1df3d01082a54d7ff04b64af2a0e6b3af76375
                                                                                                • Instruction Fuzzy Hash: C8111875A0410AAFCF05DF58E941ADF7BF9EF48314F104059F808AB352DA31DA11CBA5
                                                                                                APIs
                                                                                                  • Part of subcall function 00904C7D: RtlAllocateHeap.NTDLL(00000008,008D1129,00000000,?,00902E29,00000001,00000364,?,?,?,008FF2DE,00903863,009A1444,?,008EFDF5,?), ref: 00904CBE
                                                                                                • _free.LIBCMT ref: 0090506C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_free
                                                                                                • String ID:
                                                                                                • API String ID: 614378929-0
                                                                                                • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                • Instruction ID: 85334f52cb6a6032a59a48a8700dc8cc91888705ae47793eea5daaadc4ccd741
                                                                                                • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                • Instruction Fuzzy Hash: 64012B722047046FE3218F559845A5AFBECFB85370F25091DE194932C0E6306805CA74
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                • Instruction ID: 6c17e560e938873b6a080987db57f2232fb936e563b96afd82203254992eea7b
                                                                                                • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                • Instruction Fuzzy Hash: 71F0F932510A1C9AC6313E798C09B7B3398EFA2334F100715F721D61E2DF78A401C5A6
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000008,008D1129,00000000,?,00902E29,00000001,00000364,?,?,?,008FF2DE,00903863,009A1444,?,008EFDF5,?), ref: 00904CBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: 720a8714eb5a91b2c0681e51fd3f28f8677adea792acba6f8e280542188f6e6b
                                                                                                • Instruction ID: 9b1f2ffde36917602f0c8ba9731d9231acaeab9a7d907ad1bebad5c99476403d
                                                                                                • Opcode Fuzzy Hash: 720a8714eb5a91b2c0681e51fd3f28f8677adea792acba6f8e280542188f6e6b
                                                                                                • Instruction Fuzzy Hash: FCF0F0712062386BEB201E369C08BAA378CFF413A0B048112FA89E61C0CA70D80046E0
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,009A1444,?,008EFDF5,?,?,008DA976,00000010,009A1440,008D13FC,?,008D13C6,?,008D1129), ref: 00903852
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: bf979dc1f44a8c7f31a408acbef22fcd5a22354bf947b17a2f1e3cae2c11e20d
                                                                                                • Instruction ID: 86e0870513f40f822a1ee5f3b50067ddc314e88da23abae68f69764e6159f91f
                                                                                                • Opcode Fuzzy Hash: bf979dc1f44a8c7f31a408acbef22fcd5a22354bf947b17a2f1e3cae2c11e20d
                                                                                                • Instruction Fuzzy Hash: D7E0E5311042285FD7212A7A9C00BAB365CEF427B0F05C0A1FD05D28D1CB61DE0191E1
                                                                                                APIs
                                                                                                • FreeLibrary.KERNEL32(?,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4F6D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeLibrary
                                                                                                • String ID:
                                                                                                • API String ID: 3664257935-0
                                                                                                APIs
                                                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 008D314E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_
                                                                                                • String ID:
                                                                                                • API String ID: 1144537725-0
                                                                                                APIs
                                                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 008D2DC4
                                                                                                  • Part of subcall function 008D6B57: _wcslen.LIBCMT ref: 008D6B6A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: LongNamePath_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 541455249-0
                                                                                                APIs
                                                                                                  • Part of subcall function 008D3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 008D3908
                                                                                                  • Part of subcall function 008DD730: GetInputState.USER32 ref: 008DD807
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 008D2B6B
                                                                                                  • Part of subcall function 008D30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 008D314E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                • String ID:
                                                                                                • API String ID: 3667716007-0
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(00000000,00000000,?,00910704,?,?,00000000,?,00910704,00000000,0000000C), ref: 009103B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                APIs
                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 008D1CBC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: InfoParametersSystem
                                                                                                • String ID:
                                                                                                • API String ID: 3098949447-0
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008E9BB2
                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0096961A
                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0096965B
                                                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0096969F
                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009696C9
                                                                                                • SendMessageW.USER32 ref: 009696F2
                                                                                                • GetKeyState.USER32(00000011), ref: 0096978B
                                                                                                • GetKeyState.USER32(00000009), ref: 00969798
                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009697AE
                                                                                                • GetKeyState.USER32(00000010), ref: 009697B8
                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009697E9
                                                                                                • SendMessageW.USER32 ref: 00969810
                                                                                                • SendMessageW.USER32(?,00001030,?,00967E95), ref: 00969918
                                                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0096992E
                                                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00969941
                                                                                                • SetCapture.USER32(?), ref: 0096994A
                                                                                                • ClientToScreen.USER32(?,?), ref: 009699AF
                                                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009699BC
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009699D6
                                                                                                • ReleaseCapture.USER32 ref: 009699E1
                                                                                                • GetCursorPos.USER32(?), ref: 00969A19
                                                                                                • ScreenToClient.USER32(?,?), ref: 00969A26
                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00969A80
                                                                                                • SendMessageW.USER32 ref: 00969AAE
                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00969AEB
                                                                                                • SendMessageW.USER32 ref: 00969B1A
                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00969B3B
                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00969B4A
                                                                                                • GetCursorPos.USER32(?), ref: 00969B68
                                                                                                • ScreenToClient.USER32(?,?), ref: 00969B75
                                                                                                • GetParent.USER32(?), ref: 00969B93
                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00969BFA
                                                                                                • SendMessageW.USER32 ref: 00969C2B
                                                                                                • ClientToScreen.USER32(?,?), ref: 00969C84
                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00969CB4
                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00969CDE
                                                                                                • SendMessageW.USER32 ref: 00969D01
                                                                                                • ClientToScreen.USER32(?,?), ref: 00969D4E
                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00969D82
                                                                                                  • Part of subcall function 008E9944: GetWindowLongW.USER32(?,000000EB), ref: 008E9952
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00969E05
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                • API String ID: 3429851547-4164748364
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009648F3
                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00964908
                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00964927
                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0096494B
                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0096495C
                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0096497B
                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009649AE
                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009649D4
                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00964A0F
                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00964A56
                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00964A7E
                                                                                                • IsMenu.USER32(?), ref: 00964A97
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00964AF2
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00964B20
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00964B94
                                                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00964BE3
                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00964C82
                                                                                                • wsprintfW.USER32 ref: 00964CAE
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00964CC9
                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00964CF1
                                                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00964D13
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00964D33
                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00964D5A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                • String ID: %d/%02d/%02d
                                                                                                • API String ID: 4054740463-328681919
                                                                                                • Opcode ID: 46c51634be5e9abd0e98ae3f8b64d4e8ac98d5fcee253eceb98fabb2c932f978
                                                                                                • Instruction ID: 7c7d424f04862a627fdca2e45a719ef6e44684c494bd17dc035eca45195b4054
                                                                                                • Opcode Fuzzy Hash: 46c51634be5e9abd0e98ae3f8b64d4e8ac98d5fcee253eceb98fabb2c932f978
                                                                                                • Instruction Fuzzy Hash: 6C12FE71600255ABEB248FA8DC49FBE7BF8EF45710F104129F516EB2E1DBB8A940CB50
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 008EF998
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0092F474
                                                                                                • IsIconic.USER32(00000000), ref: 0092F47D
                                                                                                • ShowWindow.USER32(00000000,00000009), ref: 0092F48A
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 0092F494
                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0092F4AA
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0092F4B1
                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0092F4BD
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 0092F4CE
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 0092F4D6
                                                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0092F4DE
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 0092F4E1
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0092F4F6
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 0092F501
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0092F50B
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 0092F510
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0092F519
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 0092F51E
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0092F528
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 0092F52D
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 0092F530
                                                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0092F557
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 4125248594-2988720461
                                                                                                • Opcode ID: 0dca2db3ed9363716eabcd46bc849e1a9df2c51fb607203e6dd14df841351da5
                                                                                                • Instruction ID: b2aca85c146c2b6e4cf36cabb71588f61efb9849d61b5cbe321e73abc3bc6654
                                                                                                • Opcode Fuzzy Hash: 0dca2db3ed9363716eabcd46bc849e1a9df2c51fb607203e6dd14df841351da5
                                                                                                • Instruction Fuzzy Hash: 0A3154B1A54228BBEB206FB59C4AFBF7E7CEB44B50F10046AF641E61D1C6F15D00BA61
                                                                                                APIs
                                                                                                  • Part of subcall function 009316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0093170D
                                                                                                  • Part of subcall function 009316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0093173A
                                                                                                  • Part of subcall function 009316C3: GetLastError.KERNEL32 ref: 0093174A
                                                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00931286
                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 009312A8
                                                                                                • CloseHandle.KERNEL32(?), ref: 009312B9
                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 009312D1
                                                                                                • GetProcessWindowStation.USER32 ref: 009312EA
                                                                                                • SetProcessWindowStation.USER32(00000000), ref: 009312F4
                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00931310
                                                                                                  • Part of subcall function 009310BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009311FC), ref: 009310D4
                                                                                                  • Part of subcall function 009310BF: CloseHandle.KERNEL32(?,?,009311FC), ref: 009310E9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                • String ID: $default$winsta0
                                                                                                • API String ID: 22674027-1027155976
                                                                                                • Opcode ID: 9879ffc172a118c1ea21cee4f649b1357678b0b9c134a1f75db89aa8dcde9e2d
                                                                                                • Instruction ID: 496889f8ae3722d3fde68ae070c5c3b9257285a7d119309cc6e34a14a6e89863
                                                                                                • Opcode Fuzzy Hash: 9879ffc172a118c1ea21cee4f649b1357678b0b9c134a1f75db89aa8dcde9e2d
                                                                                                • Instruction Fuzzy Hash: A68176B1900209ABDF219FA8DC49BFF7BB9EF04704F14412AFA11A62B0CB758944DF25
                                                                                                APIs
                                                                                                  • Part of subcall function 009310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00931114
                                                                                                  • Part of subcall function 009310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 00931120
                                                                                                  • Part of subcall function 009310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 0093112F
                                                                                                  • Part of subcall function 009310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 00931136
                                                                                                  • Part of subcall function 009310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0093114D
                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00930BCC
                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00930C00
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00930C17
                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00930C51
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00930C6D
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00930C84
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00930C8C
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00930C93
                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00930CB4
                                                                                                • CopySid.ADVAPI32(00000000), ref: 00930CBB
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00930CEA
                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00930D0C
                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00930D1E
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00930D45
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00930D4C
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00930D55
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00930D5C
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00930D65
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00930D6C
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00930D78
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00930D7F
                                                                                                  • Part of subcall function 00931193: GetProcessHeap.KERNEL32(00000008,00930BB1,?,00000000,?,00930BB1,?), ref: 009311A1
                                                                                                  • Part of subcall function 00931193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00930BB1,?), ref: 009311A8
                                                                                                  • Part of subcall function 00931193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00930BB1,?), ref: 009311B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                • String ID:
                                                                                                • API String ID: 4175595110-0
                                                                                                • Opcode ID: aae621a0891afb88b6af5b27112f54c6f4d4868601bead77f8b3cda6f1d7a2ee
                                                                                                • Instruction ID: a007858a9c1141aa277380ab08c7d9a63524b1e16fbc4fa7e9a35298d15415ce
                                                                                                • Opcode Fuzzy Hash: aae621a0891afb88b6af5b27112f54c6f4d4868601bead77f8b3cda6f1d7a2ee
                                                                                                • Instruction Fuzzy Hash: 8C7159B290420AABDF10DFE4DC45BAEBBBCBF45300F044559F964A7291D7B1AA05CFA0
                                                                                                APIs
                                                                                                • OpenClipboard.USER32(0096CC08), ref: 0094EB29
                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 0094EB37
                                                                                                • GetClipboardData.USER32(0000000D), ref: 0094EB43
                                                                                                • CloseClipboard.USER32 ref: 0094EB4F
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0094EB87
                                                                                                • CloseClipboard.USER32 ref: 0094EB91
                                                                                                • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0094EBBC
                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 0094EBC9
                                                                                                • GetClipboardData.USER32(00000001), ref: 0094EBD1
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0094EBE2
                                                                                                • GlobalUnlock.KERNEL32(00000000,?), ref: 0094EC22
                                                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 0094EC38
                                                                                                • GetClipboardData.USER32(0000000F), ref: 0094EC44
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0094EC55
                                                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0094EC77
                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0094EC94
                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0094ECD2
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0094ECF3
                                                                                                • CountClipboardFormats.USER32 ref: 0094ED14
                                                                                                • CloseClipboard.USER32 ref: 0094ED59
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                • String ID:
                                                                                                • API String ID: 420908878-0
                                                                                                • Opcode ID: 56cdfd4bd7c845aca3375620f6e66d73dcc8209fef69b3234461c33d20151815
                                                                                                • Instruction ID: d58bff8763fb1ea24e0b335cbb63e8a35bd519cd5288576e2442ad81c6ffec61
                                                                                                • Opcode Fuzzy Hash: 56cdfd4bd7c845aca3375620f6e66d73dcc8209fef69b3234461c33d20151815
                                                                                                • Instruction Fuzzy Hash: 7061AD74208202AFD310EF24D895F3A77A8FF84714F14451EF896D72A2DB71E905DBA2
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 009469BE
                                                                                                • FindClose.KERNEL32(00000000), ref: 00946A12
                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00946A4E
                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00946A75
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00946AB2
                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00946ADF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                • API String ID: 3830820486-3289030164
                                                                                                • Opcode ID: 7324e9d82cd3751d396d682631498d5e94426a304c0ebf20207fe39b6c1e5de6
                                                                                                • Instruction ID: 1c5b44e10e913b3abed6cae3ac69a7ec9a6f3ffa8eac0999be3b5e03903d230a
                                                                                                • Opcode Fuzzy Hash: 7324e9d82cd3751d396d682631498d5e94426a304c0ebf20207fe39b6c1e5de6
                                                                                                • Instruction Fuzzy Hash: D6D131B1508340AEC714EBA4C891EABB7ECFF89704F44491EF585D6291EB74DA44CB63
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00949663
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 009496A1
                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 009496BB
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 009496D3
                                                                                                • FindClose.KERNEL32(00000000), ref: 009496DE
                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 009496FA
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0094974A
                                                                                                • SetCurrentDirectoryW.KERNEL32(00996B7C), ref: 00949768
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00949772
                                                                                                • FindClose.KERNEL32(00000000), ref: 0094977F
                                                                                                • FindClose.KERNEL32(00000000), ref: 0094978F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1409584000-438819550
                                                                                                • Opcode ID: 3b1964d61b77c62cb1505d682926fbf1ccc6795eb7518d43fb9aa169953bbb82
                                                                                                • Instruction ID: 7496e2e29be76a4d1827e313e629b4684fa40bee02afcef172dc28241bf3f9b3
                                                                                                • Opcode Fuzzy Hash: 3b1964d61b77c62cb1505d682926fbf1ccc6795eb7518d43fb9aa169953bbb82
                                                                                                • Instruction Fuzzy Hash: BA31E2726042196EDF10EFB8DC08EEF77ACAF49320F10415AF955E21A0EB74DE408B14
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 009497BE
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00949819
                                                                                                • FindClose.KERNEL32(00000000), ref: 00949824
                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00949840
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00949890
                                                                                                • SetCurrentDirectoryW.KERNEL32(00996B7C), ref: 009498AE
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 009498B8
                                                                                                • FindClose.KERNEL32(00000000), ref: 009498C5
                                                                                                • FindClose.KERNEL32(00000000), ref: 009498D5
                                                                                                  • Part of subcall function 0093DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0093DB00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                • String ID: *.*
                                                                                                • API String ID: 2640511053-438819550
                                                                                                • Opcode ID: 7e504acd9cd80a5b27f1fa4e52e2558a1f261abcee3b26ff22b23a25d2cd7a8b
                                                                                                • Instruction ID: 8d4119ceb44c42f70e2a3121ea2fdf9b2e1af12271a854d6df43451c70019666
                                                                                                • Opcode Fuzzy Hash: 7e504acd9cd80a5b27f1fa4e52e2558a1f261abcee3b26ff22b23a25d2cd7a8b
                                                                                                • Instruction Fuzzy Hash: 3331C1715042196EDF10EFB8EC58EEF77ACAF46324F10415AF954E2290EB70DA448A20
                                                                                                APIs
                                                                                                  • Part of subcall function 0095C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0095B6AE,?,?), ref: 0095C9B5
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095C9F1
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095CA68
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095CA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0095BF3E
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0095BFA9
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0095BFCD
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0095C02C
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0095C0E7
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0095C154
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0095C1E9
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0095C23A
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0095C2E3
                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0095C382
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0095C38F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                • String ID:
                                                                                                • API String ID: 3102970594-0
                                                                                                • Opcode ID: 62bd928c5aaad8fbfbdb6d55e3e8661f3a03904636692c162219b80c9fdb611c
                                                                                                • Instruction ID: 7af59f76fc841ececc99ae1b30ff3145e10ef22f6aaeeb6d74fa8c50a945aa92
                                                                                                • Opcode Fuzzy Hash: 62bd928c5aaad8fbfbdb6d55e3e8661f3a03904636692c162219b80c9fdb611c
                                                                                                • Instruction Fuzzy Hash: A9024DB1604200AFC714DF29C895E2ABBE5FF89314F18859DF84ADB2A2D731ED45CB52
                                                                                                APIs
                                                                                                • GetLocalTime.KERNEL32(?), ref: 00948257
                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00948267
                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00948273
                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00948310
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00948324
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00948356
                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0094838C
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00948395
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1464919966-438819550
                                                                                                • Opcode ID: c633c1e3f1066a21b63b843997773f578a68ffe5c15c71a0cca9d63d17591c67
                                                                                                • Instruction ID: 99072dcb40c69a8befad2338b08725772c00935b588f55b60e7e0c4528ae6aee
                                                                                                • Opcode Fuzzy Hash: c633c1e3f1066a21b63b843997773f578a68ffe5c15c71a0cca9d63d17591c67
                                                                                                • Instruction Fuzzy Hash: 536125B25082059FCB10EF64D840DAFB3E8FF89314F04891AF999D7251EB75E945CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 008D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008D3A97,?,?,008D2E7F,?,?,?,00000000), ref: 008D3AC2
                                                                                                  • Part of subcall function 0093E199: GetFileAttributesW.KERNEL32(?,0093CF95), ref: 0093E19A
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0093D122
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0093D1DD
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0093D1F0
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 0093D20D
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0093D237
                                                                                                  • Part of subcall function 0093D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0093D21C,?,?), ref: 0093D2B2
                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 0093D253
                                                                                                • FindClose.KERNEL32(00000000), ref: 0093D264
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 1946585618-1173974218
                                                                                                • Opcode ID: 2594f32aea1cadad3648ba4282a505e2e7e8877ae583d73781ab765f53e57139
                                                                                                • Instruction ID: fee398476957cd63109075bfffec116cd693ecbb8b76d000552a8acb4fa28d76
                                                                                                • Opcode Fuzzy Hash: 2594f32aea1cadad3648ba4282a505e2e7e8877ae583d73781ab765f53e57139
                                                                                                • Instruction Fuzzy Hash: 09617D3190610DABCF05EBE4E9629EEB779EF55300F244166E451B3291EB30AF09DF62
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                • String ID:
                                                                                                • API String ID: 1737998785-0
                                                                                                • Opcode ID: 92b4579b180951771c5eaa4b37de477c6334b03c264cae85de3144f1462d5387
                                                                                                • Instruction ID: 24eb98c36c83a4679a672b722a88d84352c6c89f60e53f9c05982da4ab6fac5d
                                                                                                • Opcode Fuzzy Hash: 92b4579b180951771c5eaa4b37de477c6334b03c264cae85de3144f1462d5387
                                                                                                • Instruction Fuzzy Hash: 7B41AC71608612AFD710CF19D888F2ABBA5FF44318F14819DE4568B6A2C7B5EC41CB90
                                                                                                APIs
                                                                                                  • Part of subcall function 009316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0093170D
                                                                                                  • Part of subcall function 009316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0093173A
                                                                                                  • Part of subcall function 009316C3: GetLastError.KERNEL32 ref: 0093174A
                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 0093E932
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                                                • API String ID: 2234035333-3163812486
                                                                                                • Opcode ID: c14d55b1ee718862845b02330738780213e6aded53dc6baca7c56b60ecf19414
                                                                                                • Instruction ID: 977a4101356cf86e9b29f1e963dec52a9963876bee8cc0048cb14515e6ef2418
                                                                                                • Opcode Fuzzy Hash: c14d55b1ee718862845b02330738780213e6aded53dc6baca7c56b60ecf19414
                                                                                                • Instruction Fuzzy Hash: D5017D73724210AFEF2422B49C86FBF725C9704790F150822FC03F31D1D5A49C409B90
                                                                                                APIs
                                                                                                • socket.WSOCK32(00000002,00000001,00000006), ref: 00951276
                                                                                                • WSAGetLastError.WSOCK32 ref: 00951283
                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 009512BA
                                                                                                • WSAGetLastError.WSOCK32 ref: 009512C5
                                                                                                • closesocket.WSOCK32(00000000), ref: 009512F4
                                                                                                • listen.WSOCK32(00000000,00000005), ref: 00951303
                                                                                                • WSAGetLastError.WSOCK32 ref: 0095130D
                                                                                                • closesocket.WSOCK32(00000000), ref: 0095133C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                • String ID:
                                                                                                • API String ID: 540024437-0
                                                                                                • Opcode ID: ad197fda47420efb92ac01ea482ffb2717aef116272b668cdc6f12ed42c3e0c5
                                                                                                • Instruction ID: e465f1eb60030887678b0aeac919ba2476ec1ad3a82185a279dd6f6662281401
                                                                                                • Opcode Fuzzy Hash: ad197fda47420efb92ac01ea482ffb2717aef116272b668cdc6f12ed42c3e0c5
                                                                                                • Instruction Fuzzy Hash: 9E418E716001019FD720DF29C488B29BBE5BF86319F188199E8668F292C775EC85CBE1
                                                                                                APIs
                                                                                                  • Part of subcall function 008D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008D3A97,?,?,008D2E7F,?,?,?,00000000), ref: 008D3AC2
                                                                                                  • Part of subcall function 0093E199: GetFileAttributesW.KERNEL32(?,0093CF95), ref: 0093E19A
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0093D420
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 0093D470
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0093D481
                                                                                                • FindClose.KERNEL32(00000000), ref: 0093D498
                                                                                                • FindClose.KERNEL32(00000000), ref: 0093D4A1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 2649000838-1173974218
                                                                                                • Opcode ID: 5305c998391f3ade08177c9f770a334fc667f5083c8ccfd46452aeedfca90fb9
                                                                                                • Instruction ID: c6330de62a3895457018798b77d2f3c834796eed34d805b66025288a87c7fcbe
                                                                                                • Opcode Fuzzy Hash: 5305c998391f3ade08177c9f770a334fc667f5083c8ccfd46452aeedfca90fb9
                                                                                                • Instruction Fuzzy Hash: 2131617101D3459BC305EF64D8A58AF77A8FE91314F444A1EF4E1922A1EB20EA099B63
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: __floor_pentium4
                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                • API String ID: 4168288129-2761157908
                                                                                                • Opcode ID: 6594b5b62a681503a32a3024aab2d93aac909623ddffdf9014bd53191e41e191
                                                                                                • Instruction ID: d9adde69acd92d748f0571011e724ce4133b7bf0814924c0e3b817130642eab5
                                                                                                • Opcode Fuzzy Hash: 6594b5b62a681503a32a3024aab2d93aac909623ddffdf9014bd53191e41e191
                                                                                                • Instruction Fuzzy Hash: F3C23E72E086298FDB75CE28DD507E9B7B9EB44304F1445EAD84DE7280E779AE818F40
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 009464DC
                                                                                                • CoInitialize.OLE32(00000000), ref: 00946639
                                                                                                • CoCreateInstance.OLE32(0096FCF8,00000000,00000001,0096FB68,?), ref: 00946650
                                                                                                • CoUninitialize.OLE32 ref: 009468D4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                • String ID: .lnk
                                                                                                • API String ID: 886957087-24824748
                                                                                                • Opcode ID: 1bef234258ae757271e602919d7f2c0ec6881f70aed425fe05850888fde14048
                                                                                                • Instruction ID: ea275836dcf62c1c5c2bf24c50c258492de2f139fdb3cb6fdefc1564df37dd0a
                                                                                                • Opcode Fuzzy Hash: 1bef234258ae757271e602919d7f2c0ec6881f70aed425fe05850888fde14048
                                                                                                • Instruction Fuzzy Hash: 2BD126B1518201AFC314EF28C881E6AB7E9FF99704F40496DF595CB2A1EB70ED05CB92
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 009522E8
                                                                                                  • Part of subcall function 0094E4EC: GetWindowRect.USER32(?,?), ref: 0094E504
                                                                                                • GetDesktopWindow.USER32 ref: 00952312
                                                                                                • GetWindowRect.USER32(00000000), ref: 00952319
                                                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00952355
                                                                                                • GetCursorPos.USER32(?), ref: 00952381
                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009523DF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                • String ID:
                                                                                                • API String ID: 2387181109-0
                                                                                                • Opcode ID: 1e63bcba95559c37968d5df65d6080a277127c4a136d5964335aa7ca67c71c26
                                                                                                • Instruction ID: 3fc7c9194049cf8296670280ed6e077078a4022b71223217d424425e42f3b4bd
                                                                                                • Opcode Fuzzy Hash: 1e63bcba95559c37968d5df65d6080a277127c4a136d5964335aa7ca67c71c26
                                                                                                • Instruction Fuzzy Hash: 7031FE72108305AFC720DF55C848B6BBBA9FF85710F00091EF88597191DB74EA08CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00949B78
                                                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00949C8B
                                                                                                  • Part of subcall function 00943874: GetInputState.USER32 ref: 009438CB
                                                                                                  • Part of subcall function 00943874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00943966
                                                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00949BA8
                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00949C75
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1972594611-438819550
                                                                                                • Opcode ID: 5454705fa67870ce14c67eae706edae0f0b6d02c91dbd8f74249fb8512ce1244
                                                                                                • Instruction ID: 890ead506b5da9bba3acdeb01c2967c11f123f323fb5b11b2b03634b1a868edf
                                                                                                • Opcode Fuzzy Hash: 5454705fa67870ce14c67eae706edae0f0b6d02c91dbd8f74249fb8512ce1244
                                                                                                • Instruction Fuzzy Hash: AB416D7190420AAFCF14EF68D985EEEBBB8FF55311F244156F849A2291EB309E44CF61
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008E9BB2
                                                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 008E9A4E
                                                                                                • GetSysColor.USER32(0000000F), ref: 008E9B23
                                                                                                • SetBkColor.GDI32(?,00000000), ref: 008E9B36
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Color$LongProcWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3131106179-0
                                                                                                • Opcode ID: ea76b3f194c8668448c77a3c7518f9cb6ad19b04345ca738111d9193355bf70a
                                                                                                • Instruction ID: e78355ac5bde1944d069f2b2eb3a80ff74b67de4a33fe57b14b060bedb13c97a
                                                                                                • Opcode Fuzzy Hash: ea76b3f194c8668448c77a3c7518f9cb6ad19b04345ca738111d9193355bf70a
                                                                                                • Instruction Fuzzy Hash: 0AA16C7010C5B4BEE728AA7EAC58E7B769DFF83318F100119F482E66D5CAA5DD01D272
                                                                                                APIs
                                                                                                  • Part of subcall function 0095304E: inet_addr.WSOCK32(?), ref: 0095307A
                                                                                                  • Part of subcall function 0095304E: _wcslen.LIBCMT ref: 0095309B
                                                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 0095185D
                                                                                                • WSAGetLastError.WSOCK32 ref: 00951884
                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 009518DB
                                                                                                • WSAGetLastError.WSOCK32 ref: 009518E6
                                                                                                • closesocket.WSOCK32(00000000), ref: 00951915
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                • String ID:
                                                                                                • API String ID: 1601658205-0
                                                                                                • Opcode ID: 4da72c0cb605cc7204c64545dc0f54136bcc23a29f48d78172f6c2824bf9fd3c
                                                                                                • Instruction ID: d6580fff0fb8bc195d1ac1b9d803698312b112b7017e8c14b8eb211e4283cce3
                                                                                                • Opcode Fuzzy Hash: 4da72c0cb605cc7204c64545dc0f54136bcc23a29f48d78172f6c2824bf9fd3c
                                                                                                • Instruction Fuzzy Hash: 1751B071A00200AFDB20EF29C886F6A77A5EB44718F088559F9459F3C3D7B5AD418BA2
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                • String ID:
                                                                                                • API String ID: 292994002-0
                                                                                                • Opcode ID: 43c142d33b277d15a88a2e7d0dce7b042ce1bdc53c4728e17c40436158eaf6f8
                                                                                                • Instruction ID: 667a9cd5a91e2847fc5fd39e2c1164f31998903c315ca71e9c3464d7be939776
                                                                                                • Opcode Fuzzy Hash: 43c142d33b277d15a88a2e7d0dce7b042ce1bdc53c4728e17c40436158eaf6f8
                                                                                                • Instruction Fuzzy Hash: C421D1317406015FD7208F2AC884B6A7BA9EF95314B1C846DE88ACB391CBB5EC42CB90
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                • API String ID: 0-1546025612
                                                                                                • Opcode ID: f3873264546a502754ae52bf89c3d63a0664cac5fc3b0f637cee1041f25f8bc3
                                                                                                • Instruction ID: f23840773aa355aa6d691b825f5bc0bdcf029da13d39dda70f6d531bd2073537
                                                                                                • Opcode Fuzzy Hash: f3873264546a502754ae52bf89c3d63a0664cac5fc3b0f637cee1041f25f8bc3
                                                                                                • Instruction Fuzzy Hash: 65A24971E0061ECBDF248F58C8407EEB7B6FB94314F2586AAE855A7384DB749D81CB90
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0093AAAC
                                                                                                • SetKeyboardState.USER32(00000080), ref: 0093AAC8
                                                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0093AB36
                                                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0093AB88
                                                                                                Similarity
                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                • String ID:
                                                                                                • API String ID: 432972143-0
                                                                                                • Opcode ID: 5bc71a4e0b9fe7401749a408967592f4188472543de476840fd98ecea45c9f6a
                                                                                                • Instruction ID: b0ab59ac75d9ff43efcb3f67968ada52e32de0dab9b7b5e457d3d7d29b709a65
                                                                                                • Opcode Fuzzy Hash: 5bc71a4e0b9fe7401749a408967592f4188472543de476840fd98ecea45c9f6a
                                                                                                • Instruction Fuzzy Hash: 70311671A40248AEFB35CB65CC05BFABBBEAB54320F04421BF1C1961D1D3788981DF66
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 0090BB7F
                                                                                                  • Part of subcall function 009029C8: HeapFree.KERNEL32(00000000,00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000), ref: 009029DE
                                                                                                  • Part of subcall function 009029C8: GetLastError.KERNEL32(00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000,00000000), ref: 009029F0
                                                                                                • GetTimeZoneInformation.KERNEL32 ref: 0090BB91
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,?,009A121C,000000FF,?,0000003F,?,?), ref: 0090BC09
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,?,009A1270,000000FF,?,0000003F,?,?,?,009A121C,000000FF,?,0000003F,?,?), ref: 0090BC36
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                • String ID:
                                                                                                • API String ID: 806657224-0
                                                                                                • Opcode ID: 4e9d46136aa49b51b8c2b8d9d1efde312922564e1e5da1d60b62dd36c2795385
                                                                                                • Instruction ID: fe8d064447e5850469b2c977a2f63000dbc297a789a3dab84734cbf9bf09e8bc
                                                                                                • Opcode Fuzzy Hash: 4e9d46136aa49b51b8c2b8d9d1efde312922564e1e5da1d60b62dd36c2795385
                                                                                                • Instruction Fuzzy Hash: 7A31AD70908255DFDB15EF69CC80A6DBBB8FF86350B1446AAE4A0DB2E1D7309E40DB90
                                                                                                APIs
                                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 0094CE89
                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 0094CEEA
                                                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 0094CEFE
                                                                                                Similarity
                                                                                                • API ID: ErrorEventFileInternetLastRead
                                                                                                • String ID:
                                                                                                • API String ID: 234945975-0
                                                                                                • Opcode ID: 07f09ece5d15c1b6b6fa218bae58118f82e0d8591d6abdff58f578a75e90672e
                                                                                                • Instruction ID: 16e963642c69e1299a3f1c16c96ced050266f232e1e245da0c97a5e8d04129c8
                                                                                                • Opcode Fuzzy Hash: 07f09ece5d15c1b6b6fa218bae58118f82e0d8591d6abdff58f578a75e90672e
                                                                                                • Instruction Fuzzy Hash: D0218CB15053059FDB60DFA5C948FA777FCEB50358F10482EE646D2151E774EE089B50
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 009382AA
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: lstrlen
                                                                                                • String ID: ($|
                                                                                                • API String ID: 1659193697-1631851259
                                                                                                • Opcode ID: 825e5385c66a7b3a20e77fbbff2761f69ce516240313e036b4b515960c30424e
                                                                                                • Instruction ID: abf48594a5d893b4129be40170eace458aa91baa63a07619b4d7a0590653aa61
                                                                                                • Opcode Fuzzy Hash: 825e5385c66a7b3a20e77fbbff2761f69ce516240313e036b4b515960c30424e
                                                                                                • Instruction Fuzzy Hash: 03323374A007059FCB28CF69C481A6AB7F1FF48710B15856EE59ADB3A1EB70E981CF40
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00945CC1
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00945D17
                                                                                                • FindClose.KERNEL32(?), ref: 00945D5F
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                • String ID:
                                                                                                • API String ID: 3541575487-0
                                                                                                • Opcode ID: 8f50797385e881ae8fe80ccf6438bbeb3e3ceafb4eb08603838ede096940cadb
                                                                                                • Instruction ID: cd349f728259deb3ef4b8a3aab9a0a7a68c54cc50e185dbf3747aa4a33a74880
                                                                                                • Opcode Fuzzy Hash: 8f50797385e881ae8fe80ccf6438bbeb3e3ceafb4eb08603838ede096940cadb
                                                                                                • Instruction Fuzzy Hash: EF517A74A046019FC714DF68C494E96B7E8FF49314F15865EE99A8B3A2DB30ED04CB91
                                                                                                APIs
                                                                                                • IsDebuggerPresent.KERNEL32 ref: 0090271A
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00902724
                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00902731
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                • String ID:
                                                                                                • API String ID: 3906539128-0
                                                                                                • Opcode ID: 0ee1ca6773e3a2aa3d5a21ae497b2a127075d9d28aa606300008edb4ee13ecd0
                                                                                                • Instruction ID: dd577b3ce396b9348c454616a4cc14e10ff07389f92b69aa5681b396040deb3b
                                                                                                • Opcode Fuzzy Hash: 0ee1ca6773e3a2aa3d5a21ae497b2a127075d9d28aa606300008edb4ee13ecd0
                                                                                                • Instruction Fuzzy Hash: AB31B47491122C9BCB21DF68DC89B9DB7B8FF08310F5041EAE91CA6261E7709F818F55
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 009451DA
                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00945238
                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 009452A1
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                • String ID:
                                                                                                • API String ID: 1682464887-0
                                                                                                • Opcode ID: bf9f1f733906195ea2d3fffc804e543447212bffd24031f6615581396dce2a6c
                                                                                                • Instruction ID: 64d8510c5713c957a635c9e0a2370c85ac2236f7193dc94848a8b9c6a86b07d0
                                                                                                • Opcode Fuzzy Hash: bf9f1f733906195ea2d3fffc804e543447212bffd24031f6615581396dce2a6c
                                                                                                • Instruction Fuzzy Hash: 0B318F75A00508DFDB00DF94D884EADBBB4FF49314F05809AE845AB362DB71EC45CB91
                                                                                                APIs
                                                                                                  • Part of subcall function 008EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008F0668
                                                                                                  • Part of subcall function 008EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008F0685
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0093170D
                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0093173A
                                                                                                • GetLastError.KERNEL32 ref: 0093174A
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                • String ID:
                                                                                                • API String ID: 577356006-0
                                                                                                • Opcode ID: cee33f92f328689aa0ba2df1932a9b6429bcfe96e9b11d44e17d48d37526c8e8
                                                                                                • Instruction ID: eb3614b341cbed075f05c9a5a1f3c474e610e7ace150d48a00072088eec8d2c7
                                                                                                • Opcode Fuzzy Hash: cee33f92f328689aa0ba2df1932a9b6429bcfe96e9b11d44e17d48d37526c8e8
                                                                                                • Instruction Fuzzy Hash: 7A11CEB2514305AFD718AF54DC86E6ABBBDFB04754B24852EF09693251EB70BC428F20
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0093D608
                                                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0093D645
                                                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0093D650
                                                                                                Similarity
                                                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                                                • String ID:
                                                                                                • API String ID: 33631002-0
                                                                                                • Opcode ID: e457304127404cabbdcff51eca962e0d2999237b8409b28da20a051e3d776930
                                                                                                • Instruction ID: 29faf6637ee4ce2376edc45936148d55bb8b825ea1e6710589d7248faffd5128
                                                                                                • Opcode Fuzzy Hash: e457304127404cabbdcff51eca962e0d2999237b8409b28da20a051e3d776930
                                                                                                • Instruction Fuzzy Hash: F011C4B1E05228BFDB108F95EC45FAFBFBCEB45B50F108115F914E7290C2B04A058BA1
                                                                                                APIs
                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0093168C
                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 009316A1
                                                                                                • FreeSid.ADVAPI32(?), ref: 009316B1
                                                                                                APIs
                                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 0092D28C
                                                                                                Strings
                                                                                                • String ID: X64
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00946918
                                                                                                • FindClose.KERNEL32(00000000), ref: 00946961
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00954891,?,?,00000035,?), ref: 009437E4
                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00954891,?,?,00000035,?), ref: 009437F4
                                                                                                APIs
                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0093B25D
                                                                                                • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0093B270
                                                                                                APIs
                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009311FC), ref: 009310D4
                                                                                                • CloseHandle.KERNEL32(?,?,009311FC), ref: 009310E9
                                                                                                Strings
                                                                                                • Variable is not of type 'Object'., xrefs: 00920C40
                                                                                                APIs
                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00906766,?,?,00000008,?,?,0090FEFE,00000000), ref: 00906998
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                • Opcode ID: 6b5ce380ec4beb68ecc48a080a02c60400bbb1f0b5d7a9780b54ae01f2340d01
                                                                                                • Instruction ID: 529451dc4e1560515f69025878ffc506a13b18aa66a4a9c2daa1e546dabfed43
                                                                                                • Opcode Fuzzy Hash: 6b5ce380ec4beb68ecc48a080a02c60400bbb1f0b5d7a9780b54ae01f2340d01
                                                                                                • Instruction Fuzzy Hash: 33127F719002299BCB24CF59D881AEEB7F5FF49710F1481AAE849EB255DB349E81CF90
                                                                                                APIs
                                                                                                • BlockInput.USER32(00000001), ref: 0094EABD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: BlockInput
                                                                                                • String ID:
                                                                                                • API String ID: 3456056419-0
                                                                                                • Opcode ID: 3579759fa594303b729f61a19d9cfe8ab88f0e5a196c9c82aed63693d915c76c
                                                                                                • Instruction ID: 6837990ffd685c9257abfcb100dd386b8fa57ed822d07eeb2ab86e66cd56c177
                                                                                                • Opcode Fuzzy Hash: 3579759fa594303b729f61a19d9cfe8ab88f0e5a196c9c82aed63693d915c76c
                                                                                                • Instruction Fuzzy Hash: 4EE01A352142059FC710EF5AD804E9AB7E9FF98760F00841AFD49C7361DAB0A8408B91
                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008F03EE), ref: 008F09DA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                • String ID:
                                                                                                • API String ID: 3192549508-0
                                                                                                • Opcode ID: 39f18c69422948179f1c562d25a197c264912b51b7f15faec112904f76a6f5af
                                                                                                • Instruction ID: 6daf417ad6b3fab1de559d9fc4f06d4d8a354ee3a14db6a17561b21f696e8bf0
                                                                                                • Opcode Fuzzy Hash: 39f18c69422948179f1c562d25a197c264912b51b7f15faec112904f76a6f5af
                                                                                                • Instruction Fuzzy Hash:
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0
                                                                                                • API String ID: 0-4108050209
                                                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                • Instruction ID: 67c651ee05dcf7627e088cb131bbd226d1642fe4481d95c988906e259ea654b5
                                                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                • Instruction Fuzzy Hash: E051992172C60D9BFB38497C885D7BE2B85FB12384F180539DB82C7282D659DE02C35A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9d14ea2c77998f52981b1e6d1629c8f6030860d3312c917daf93050319b852f4
                                                                                                • Instruction ID: 65e5c59db00059beb2853cb8ea0d194e127f0f93b30d67ca9e4a308475edc7d4
                                                                                                • Opcode Fuzzy Hash: 9d14ea2c77998f52981b1e6d1629c8f6030860d3312c917daf93050319b852f4
                                                                                                • Instruction Fuzzy Hash: EC32F022D3DF014DD7239634DC22336A289AFB73D5F25D727F82AB59A6EB2994C35100
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c5d42543e392ee525a5e8d2136c1b9e0c818f6e331e380fbcb55e5a49f7d119a
                                                                                                • Instruction ID: e6e7409e1eed711eb257f1132b459c5a924fdd8dfc2ef81c6fac94416ef7f21c
                                                                                                • Opcode Fuzzy Hash: c5d42543e392ee525a5e8d2136c1b9e0c818f6e331e380fbcb55e5a49f7d119a
                                                                                                • Instruction Fuzzy Hash: 04325BB1E041A59BCF24CF29E490A7D77A5FF46300F38856AE889DB299D334DD82DB41
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b32f654900eedb9953aedc020d7be6a676a6c9210a856c45a36331cccda1cc8b
                                                                                                • Instruction ID: 296fba0b0928513039ed071796deedb94ac5c69de801fb13252511071b7a42eb
                                                                                                • Opcode Fuzzy Hash: b32f654900eedb9953aedc020d7be6a676a6c9210a856c45a36331cccda1cc8b
                                                                                                • Instruction Fuzzy Hash: BC229D70A0460ADFDF14CF68C881AEEB7B6FF44314F11462AE812E7391EB36A951CB51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 269ba9a6cb3ca7bd3acae5f27e259fcffe745395e5efe77d4bc237870fe2c557
                                                                                                • Instruction ID: 60496c51bcdaf7a4cd9091fc99be54d538cb864266bfeeb2f63037a41fee8318
                                                                                                • Opcode Fuzzy Hash: 269ba9a6cb3ca7bd3acae5f27e259fcffe745395e5efe77d4bc237870fe2c557
                                                                                                • Instruction Fuzzy Hash: 8B02B6B0F0020AEBDB04DF69D881AADB7B5FF44304F508169E956DB391EB31AE50CB91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6fe2ba7280852aa125dafb87c36a83df8fa995b58a6761282a9633db58586db2
                                                                                                • Instruction ID: f810e37151bce33c7479e217a5dfcacc5bba2012843706f687555433f0c98b28
                                                                                                • Opcode Fuzzy Hash: 6fe2ba7280852aa125dafb87c36a83df8fa995b58a6761282a9633db58586db2
                                                                                                • Instruction Fuzzy Hash: 23B1F221E3AF414DC22396398831336B65CAFBB6D5F91D71BFC1A74D62EB2285C36141
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                • Instruction ID: e01880e2e843c850dc545d248a3a07fe92380d827216189763cacc1ff01a0dfb
                                                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                • Instruction Fuzzy Hash: 269157726080AB8ADF29463A857C07DFFF1EB523A131A079DD5F2CA1C5FE149954D620
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                • Instruction ID: a4fc3831e2eb5e5ea0f791c3b6808294a5497442427ffa98b7e29c6621451a46
                                                                                                • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                • Instruction Fuzzy Hash: 4D9179732090AB49DB2D423A857843DFFE1FA923A131A079DD5F2CB1C5EE24D564E620
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                • Instruction ID: 072b216d52f13790e920022d587d06b2720becf7969bc214dd7abf8002c402f2
                                                                                                • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                • Instruction Fuzzy Hash: A79144722090ABCADF6D427A857C03DFFE1EA923B631A079ED5F2CA1C1FD14C5649620
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a0ee2a590c22b35aac912a035ca711ad165cf0aaf4d63dc47436f0bc0608291a
                                                                                                • Instruction ID: 0280a80686121276a3fc2d73a65074ed64edec707bd250916d94b6f706d7ad4a
                                                                                                • Opcode Fuzzy Hash: a0ee2a590c22b35aac912a035ca711ad165cf0aaf4d63dc47436f0bc0608291a
                                                                                                • Instruction Fuzzy Hash: 2761467120C71ED6FF349A3C8C95BBE2394FF42764F24091AEB42DB281DA519E42C766
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e19be76f726b93f88c8d9a757f5bd59538cad2f6ff1b3de9d5874bf59673151d
                                                                                                • Instruction ID: 419212ca610bb96d0f016be6dc30befeec7063d486278849910fbb35fe62080f
                                                                                                • Opcode Fuzzy Hash: e19be76f726b93f88c8d9a757f5bd59538cad2f6ff1b3de9d5874bf59673151d
                                                                                                • Instruction Fuzzy Hash: 7E617C3160870D97FF386A3C5855BBF2389FF42B08F90095AEB42DB289EA519D42C356
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                • Instruction ID: e7a8f4cdbd7c892d86a79d4aa2d51d2cc2c458ce5b624133065989a0f639db67
                                                                                                • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                • Instruction Fuzzy Hash: D98197326080AB89DF6D423A857C03EFFE1FA923A131A07ADD5F6CB1C5EE14C554E660
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: aee3f8aad9cffac6e086400cb2fab7e2b831cc30337268bf35ef57e527c56369
                                                                                                • Instruction ID: 16e67f2bf15119b008b797d8e6f66b1c5eb0d929cf93dba86ba387447e8f6915
                                                                                                • Opcode Fuzzy Hash: aee3f8aad9cffac6e086400cb2fab7e2b831cc30337268bf35ef57e527c56369
                                                                                                • Instruction Fuzzy Hash: 7721B7326216158BD728CF79C82367E73E9BB94314F65862EE4A7C37D0DE35A904DB80
                                                                                                APIs
                                                                                                • DeleteObject.GDI32(00000000), ref: 00952B30
                                                                                                • DeleteObject.GDI32(00000000), ref: 00952B43
                                                                                                • DestroyWindow.USER32 ref: 00952B52
                                                                                                • GetDesktopWindow.USER32 ref: 00952B6D
                                                                                                • GetWindowRect.USER32(00000000), ref: 00952B74
                                                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00952CA3
                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00952CB1
                                                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952CF8
                                                                                                • GetClientRect.USER32(00000000,?), ref: 00952D04
                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00952D40
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952D62
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952D75
                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952D80
                                                                                                • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952D89
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952D98
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952DA1
                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952DA8
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00952DB3
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952DC5
                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0096FC38,00000000), ref: 00952DDB
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00952DEB
                                                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00952E11
                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00952E30
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00952E52
                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095303F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                • API String ID: 2211948467-2373415609
                                                                                                • Opcode ID: f6bce93c675ab4b25caaf63be54783097c1306fe4b53f7efa45c24ec3dc01965
                                                                                                • Instruction ID: 2c518db1daa6ba98b83e4f4f184761485fee15d0d32cd2e89e59033dbafa41be
                                                                                                • Opcode Fuzzy Hash: f6bce93c675ab4b25caaf63be54783097c1306fe4b53f7efa45c24ec3dc01965
                                                                                                • Instruction Fuzzy Hash: EB029BB1A10205EFDB14DF68DC89EAE7BB9FF49311F008159F915AB2A1CB74AD04DB60
                                                                                                APIs
                                                                                                • SetTextColor.GDI32(?,00000000), ref: 0096712F
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00967160
                                                                                                • GetSysColor.USER32(0000000F), ref: 0096716C
                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 00967186
                                                                                                • SelectObject.GDI32(?,?), ref: 00967195
                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 009671C0
                                                                                                • GetSysColor.USER32(00000010), ref: 009671C8
                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 009671CF
                                                                                                • FrameRect.USER32(?,?,00000000), ref: 009671DE
                                                                                                • DeleteObject.GDI32(00000000), ref: 009671E5
                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00967230
                                                                                                • FillRect.USER32(?,?,?), ref: 00967262
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00967284
                                                                                                  • Part of subcall function 009673E8: GetSysColor.USER32(00000012), ref: 00967421
                                                                                                  • Part of subcall function 009673E8: SetTextColor.GDI32(?,?), ref: 00967425
                                                                                                  • Part of subcall function 009673E8: GetSysColorBrush.USER32(0000000F), ref: 0096743B
                                                                                                  • Part of subcall function 009673E8: GetSysColor.USER32(0000000F), ref: 00967446
                                                                                                  • Part of subcall function 009673E8: GetSysColor.USER32(00000011), ref: 00967463
                                                                                                  • Part of subcall function 009673E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00967471
                                                                                                  • Part of subcall function 009673E8: SelectObject.GDI32(?,00000000), ref: 00967482
                                                                                                  • Part of subcall function 009673E8: SetBkColor.GDI32(?,00000000), ref: 0096748B
                                                                                                  • Part of subcall function 009673E8: SelectObject.GDI32(?,?), ref: 00967498
                                                                                                  • Part of subcall function 009673E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009674B7
                                                                                                  • Part of subcall function 009673E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009674CE
                                                                                                  • Part of subcall function 009673E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009674DB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                • String ID:
                                                                                                • API String ID: 4124339563-0
                                                                                                • Opcode ID: 04750b96605bbe2aa0c49ebeaf3450d6ceb8907919fd3c89101314a9ba5d634a
                                                                                                • Instruction ID: 063cb5351881bb6c57a3f7b246b743144109288f738fc6ee6eea3b2b78d68ab7
                                                                                                • Opcode Fuzzy Hash: 04750b96605bbe2aa0c49ebeaf3450d6ceb8907919fd3c89101314a9ba5d634a
                                                                                                • Instruction Fuzzy Hash: 0BA193B201C301AFDB009FA4DC48E6BBBA9FF49325F100A1DF9A2961E1D775E944EB51
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(?,?), ref: 008E8E14
                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 00926AC5
                                                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00926AFE
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00926F43
                                                                                                  • Part of subcall function 008E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008E8BE8,?,00000000,?,?,?,?,008E8BBA,00000000,?), ref: 008E8FC5
                                                                                                • SendMessageW.USER32(?,00001053), ref: 00926F7F
                                                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00926F96
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00926FAC
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00926FB7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                • String ID: 0
                                                                                                • API String ID: 2760611726-4108050209
                                                                                                • Opcode ID: 59a841420e96f115656fbea342ad81c473b33a11ff946fb826915adbfbdb0e6a
                                                                                                • Instruction ID: 69142f9d5a79430661cab06386c5b2913fedb42c14402264bcdd2818cc2ece25
                                                                                                • Opcode Fuzzy Hash: 59a841420e96f115656fbea342ad81c473b33a11ff946fb826915adbfbdb0e6a
                                                                                                • Instruction Fuzzy Hash: 9F12CE30208262DFDB25DF18E844BAAB7E9FF46300F144469F499CBA61CB31EC51EB91
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(00000000), ref: 0095273E
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0095286A
                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 009528A9
                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 009528B9
                                                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00952900
                                                                                                • GetClientRect.USER32(00000000,?), ref: 0095290C
                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00952955
                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00952964
                                                                                                • GetStockObject.GDI32(00000011), ref: 00952974
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00952978
                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00952988
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00952991
                                                                                                • DeleteDC.GDI32(00000000), ref: 0095299A
                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009529C6
                                                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 009529DD
                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00952A1D
                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00952A31
                                                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00952A42
                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00952A77
                                                                                                • GetStockObject.GDI32(00000011), ref: 00952A82
                                                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00952A8D
                                                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00952A97
                                                                                                Similarity
                                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                • API String ID: 2910397461-517079104
                                                                                                • Opcode ID: fa8cd7d094f7f5bf435c45e0428c974255d041633816ebb53c8ef1aa2b166263
                                                                                                • Instruction ID: 5e78c484005fc9d2b9fb0738bf72d3f49bc779cb279427dd1497510b69c5d6bb
                                                                                                • Opcode Fuzzy Hash: fa8cd7d094f7f5bf435c45e0428c974255d041633816ebb53c8ef1aa2b166263
                                                                                                • Instruction Fuzzy Hash: 1BB16CB1A10215AFEB14DFA8DC45FAE7BB9FB49711F008219F914E7290DBB4AD40DB90
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00944AED
                                                                                                • GetDriveTypeW.KERNEL32(?,0096CB68,?,\\.\,0096CC08), ref: 00944BCA
                                                                                                • SetErrorMode.KERNEL32(00000000,0096CB68,?,\\.\,0096CC08), ref: 00944D36
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$DriveType
                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                • API String ID: 2907320926-4222207086
                                                                                                • Opcode ID: 34175dbc481c571110d4d6ea047c3b8e5e21c67ae8fcf88a0d239affcebbb0b4
                                                                                                • Instruction ID: 234f9d0f2107bdb915a560d52d2fd8891ef7600d521e5f7aef1cd3e4f0498c12
                                                                                                • Opcode Fuzzy Hash: 34175dbc481c571110d4d6ea047c3b8e5e21c67ae8fcf88a0d239affcebbb0b4
                                                                                                • Instruction Fuzzy Hash: 4161B4306052059BCF14DF28CAC2EBD77A4FB8534AB284916F886EB2D1DB35ED41DB42
                                                                                                APIs
                                                                                                • GetSysColor.USER32(00000012), ref: 00967421
                                                                                                • SetTextColor.GDI32(?,?), ref: 00967425
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 0096743B
                                                                                                • GetSysColor.USER32(0000000F), ref: 00967446
                                                                                                • CreateSolidBrush.GDI32(?), ref: 0096744B
                                                                                                • GetSysColor.USER32(00000011), ref: 00967463
                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00967471
                                                                                                • SelectObject.GDI32(?,00000000), ref: 00967482
                                                                                                • SetBkColor.GDI32(?,00000000), ref: 0096748B
                                                                                                • SelectObject.GDI32(?,?), ref: 00967498
                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 009674B7
                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009674CE
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 009674DB
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0096752A
                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00967554
                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00967572
                                                                                                • DrawFocusRect.USER32(?,?), ref: 0096757D
                                                                                                • GetSysColor.USER32(00000011), ref: 0096758E
                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00967596
                                                                                                • DrawTextW.USER32(?,009670F5,000000FF,?,00000000), ref: 009675A8
                                                                                                • SelectObject.GDI32(?,?), ref: 009675BF
                                                                                                • DeleteObject.GDI32(?), ref: 009675CA
                                                                                                • SelectObject.GDI32(?,?), ref: 009675D0
                                                                                                • DeleteObject.GDI32(?), ref: 009675D5
                                                                                                • SetTextColor.GDI32(?,?), ref: 009675DB
                                                                                                • SetBkColor.GDI32(?,?), ref: 009675E5
                                                                                                Similarity
                                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                • String ID:
                                                                                                • API String ID: 1996641542-0
                                                                                                • Opcode ID: 41a345f7a5b469afff88437ae6ac030a22e90f557e82e6d62a76595729371317
                                                                                                • Instruction ID: aa95e0d73c7e056a41e0c366068789335150389b19e64d1346490c2dac82dec9
                                                                                                • Opcode Fuzzy Hash: 41a345f7a5b469afff88437ae6ac030a22e90f557e82e6d62a76595729371317
                                                                                                • Instruction Fuzzy Hash: 3A6182B2908218AFDF019FA4DC49EEEBF79EF09320F114115F915AB2A1D7B49940EF90
                                                                                                APIs
                                                                                                • GetCursorPos.USER32(?), ref: 00961128
                                                                                                • GetDesktopWindow.USER32 ref: 0096113D
                                                                                                • GetWindowRect.USER32(00000000), ref: 00961144
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00961199
                                                                                                • DestroyWindow.USER32(?), ref: 009611B9
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009611ED
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0096120B
                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0096121D
                                                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00961232
                                                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00961245
                                                                                                • IsWindowVisible.USER32(00000000), ref: 009612A1
                                                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009612BC
                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009612D0
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 009612E8
                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 0096130E
                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00961328
                                                                                                • CopyRect.USER32(?,?), ref: 0096133F
                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 009613AA
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                • String ID: ($0$tooltips_class32
                                                                                                • API String ID: 698492251-4156429822
                                                                                                • Opcode ID: bbd15123f5282fe308135fa1a24b6ba3b420c2234cbec6cb790fdeb6ed822474
                                                                                                • Instruction ID: dbd46485fb417b1b532499404706ccc1688da6e7a4ac8cade8e82e303ac5bedd
                                                                                                • Opcode Fuzzy Hash: bbd15123f5282fe308135fa1a24b6ba3b420c2234cbec6cb790fdeb6ed822474
                                                                                                • Instruction Fuzzy Hash: 19B19E71608341AFDB04DF68C884B6ABBE4FF84354F048A1DF99A9B261C771E844CB96
                                                                                                APIs
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008E8968
                                                                                                • GetSystemMetrics.USER32(00000007), ref: 008E8970
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008E899B
                                                                                                • GetSystemMetrics.USER32(00000008), ref: 008E89A3
                                                                                                • GetSystemMetrics.USER32(00000004), ref: 008E89C8
                                                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008E89E5
                                                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008E89F5
                                                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 008E8A28
                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 008E8A3C
                                                                                                • GetClientRect.USER32(00000000,000000FF), ref: 008E8A5A
                                                                                                • GetStockObject.GDI32(00000011), ref: 008E8A76
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 008E8A81
                                                                                                  • Part of subcall function 008E912D: GetCursorPos.USER32(?), ref: 008E9141
                                                                                                  • Part of subcall function 008E912D: ScreenToClient.USER32(00000000,?), ref: 008E915E
                                                                                                  • Part of subcall function 008E912D: GetAsyncKeyState.USER32(00000001), ref: 008E9183
                                                                                                  • Part of subcall function 008E912D: GetAsyncKeyState.USER32(00000002), ref: 008E919D
                                                                                                • SetTimer.USER32(00000000,00000000,00000028,008E90FC), ref: 008E8AA8
                                                                                                Similarity
                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                • String ID: AutoIt v3 GUI
                                                                                                • API String ID: 1458621304-248962490
                                                                                                • Opcode ID: 64251b2068c8d0b9a04aa314ecb7c007d4dc1b6f61018e66eee1197ba1953eb0
                                                                                                • Instruction ID: ae4276971843f18ad94a97b62c031f275f4393af04853ffd157db43cc7e29df9
                                                                                                • Opcode Fuzzy Hash: 64251b2068c8d0b9a04aa314ecb7c007d4dc1b6f61018e66eee1197ba1953eb0
                                                                                                • Instruction Fuzzy Hash: 23B19A75A0421AEFDB14DFA8EC45BAE3BB8FB49314F104229FA15E7290DB74A840DF51
                                                                                                APIs
                                                                                                  • Part of subcall function 009310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00931114
                                                                                                  • Part of subcall function 009310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 00931120
                                                                                                  • Part of subcall function 009310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 0093112F
                                                                                                  • Part of subcall function 009310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 00931136
                                                                                                  • Part of subcall function 009310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0093114D
                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00930DF5
                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00930E29
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00930E40
                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00930E7A
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00930E96
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00930EAD
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00930EB5
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00930EBC
                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00930EDD
                                                                                                • CopySid.ADVAPI32(00000000), ref: 00930EE4
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00930F13
                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00930F35
                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00930F47
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00930F6E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00930F75
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00930F7E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00930F85
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00930F8E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00930F95
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00930FA1
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00930FA8
                                                                                                  • Part of subcall function 00931193: GetProcessHeap.KERNEL32(00000008,00930BB1,?,00000000,?,00930BB1,?), ref: 009311A1
                                                                                                  • Part of subcall function 00931193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00930BB1,?), ref: 009311A8
                                                                                                  • Part of subcall function 00931193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00930BB1,?), ref: 009311B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                • String ID:
                                                                                                • API String ID: 4175595110-0
                                                                                                • Opcode ID: 965f982e264e175c9ec0d40c86301533ecf663e1c88a79b48b32f1e7bc816012
                                                                                                • Instruction ID: 58b133975c9a3f9f89c4dd6a2c5ba687d428e7ab6fa46d557bfd3a4b7577e12f
                                                                                                • Opcode Fuzzy Hash: 965f982e264e175c9ec0d40c86301533ecf663e1c88a79b48b32f1e7bc816012
                                                                                                • Instruction Fuzzy Hash: DC7159B290420AABDF209FA4DC48BAEBBBCBF45300F048219F959A6191D7719A05CF60
                                                                                                APIs
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0095C4BD
                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,0096CC08,00000000,?,00000000,?,?), ref: 0095C544
                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0095C5A4
                                                                                                • _wcslen.LIBCMT ref: 0095C5F4
                                                                                                • _wcslen.LIBCMT ref: 0095C66F
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0095C6B2
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0095C7C1
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0095C84D
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0095C881
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0095C88E
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0095C960
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                • API String ID: 9721498-966354055
                                                                                                • Opcode ID: cdea715af5a3e98e45c1d5147d316048309faf21de37fa7651be37b8026ec625
                                                                                                • Instruction ID: ba13e1d9b18c153e52ea52c124dc43874742c9e8a70a00195b2fe91445f29ecd
                                                                                                • Opcode Fuzzy Hash: cdea715af5a3e98e45c1d5147d316048309faf21de37fa7651be37b8026ec625
                                                                                                • Instruction Fuzzy Hash: C31269752042019FCB14DF19C881E2AB7E5FF88714F04895DF98A9B3A2DB31ED45CB82
                                                                                                APIs
                                                                                                • CharUpperBuffW.USER32(?,?), ref: 009609C6
                                                                                                • _wcslen.LIBCMT ref: 00960A01
                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00960A54
                                                                                                • _wcslen.LIBCMT ref: 00960A8A
                                                                                                • _wcslen.LIBCMT ref: 00960B06
                                                                                                • _wcslen.LIBCMT ref: 00960B81
                                                                                                  • Part of subcall function 008EF9F2: _wcslen.LIBCMT ref: 008EF9FD
                                                                                                  • Part of subcall function 00932BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00932BFA
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                • API String ID: 1103490817-4258414348
                                                                                                • Opcode ID: 87e2be5e7652952f066fbdb12c25529ee041eeb99ec93c81971e93fd294ae4d1
                                                                                                • Instruction ID: 491869a6a8b0ba93eeee478f8efc7ec742f2be3be05adb6d411fdc3b269d579b
                                                                                                • Opcode Fuzzy Hash: 87e2be5e7652952f066fbdb12c25529ee041eeb99ec93c81971e93fd294ae4d1
                                                                                                • Instruction Fuzzy Hash: 57E157312083019FCB14DF69C49092AB7E6FFD8354B548A5DF8969B3A2DB31ED45CB82
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                • API String ID: 1256254125-909552448
                                                                                                • Opcode ID: aadf09255b19f3418f160ccfc4e4432c1b7ce5d9ba61cea41351cd19f6beedab
                                                                                                • Instruction ID: f793bc1113f948c62d592ff2d71e7f07c58761d875d7530151550ca3189baab1
                                                                                                • Opcode Fuzzy Hash: aadf09255b19f3418f160ccfc4e4432c1b7ce5d9ba61cea41351cd19f6beedab
                                                                                                • Instruction Fuzzy Hash: CD7125B261432A8FCF20DE7ECD415BB3799AB60755F140529FCA6E7285EA34CD48C3A1
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 0096835A
                                                                                                • _wcslen.LIBCMT ref: 0096836E
                                                                                                • _wcslen.LIBCMT ref: 00968391
                                                                                                • _wcslen.LIBCMT ref: 009683B4
                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009683F2
                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0096361A,?), ref: 0096844E
                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00968487
                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009684CA
                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00968501
                                                                                                • FreeLibrary.KERNEL32(?), ref: 0096850D
                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0096851D
                                                                                                • DestroyIcon.USER32(?), ref: 0096852C
                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00968549
                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00968555
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                • String ID: .dll$.exe$.icl
                                                                                                • API String ID: 799131459-1154884017
                                                                                                • Opcode ID: a285f2623fa7a6a1c4ebd8b10839dbc8f0d86e182364605df5b7298794adcc4d
                                                                                                • Instruction ID: a11a9bedcf206dc5bb0cc706b311fc66a5b98358d06e3eec0048a2674c7ec0e5
                                                                                                • Opcode Fuzzy Hash: a285f2623fa7a6a1c4ebd8b10839dbc8f0d86e182364605df5b7298794adcc4d
                                                                                                • Instruction Fuzzy Hash: FA61DF71614219BAEB14DF64CC81BBF77ACFB04711F10464AF916D61E1EFB4AA80D7A0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                • API String ID: 0-1645009161
                                                                                                • Opcode ID: 325989cc6fefc113e3b40086825baf442feabf3a89d3e870e2a222e2d8987100
                                                                                                • Instruction ID: 9376bbd772fa23136ee00bef3ac82935857f45ac954eede46ee0fa9bb8aae55a
                                                                                                • Opcode Fuzzy Hash: 325989cc6fefc113e3b40086825baf442feabf3a89d3e870e2a222e2d8987100
                                                                                                • Instruction Fuzzy Hash: 3C81E471704209BBDB21AF64DC42FBE37A8FF55304F014526F909EA296EB70D941C7A2
                                                                                                APIs
                                                                                                • CharLowerBuffW.USER32(?,?), ref: 00943EF8
                                                                                                • _wcslen.LIBCMT ref: 00943F03
                                                                                                • _wcslen.LIBCMT ref: 00943F5A
                                                                                                • _wcslen.LIBCMT ref: 00943F98
                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 00943FD6
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0094401E
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00944059
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00944087
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                • API String ID: 1839972693-4113822522
                                                                                                • Opcode ID: 2e2c763880a2b111f6119d5a8bfbcb769c5b35ceaf7ae3a277c691623d6c1b77
                                                                                                • Instruction ID: f073b3f1aaa1151903f07b6be6fe112d75f5a4a473019f6e943db4871b43aaf4
                                                                                                • Opcode Fuzzy Hash: 2e2c763880a2b111f6119d5a8bfbcb769c5b35ceaf7ae3a277c691623d6c1b77
                                                                                                • Instruction Fuzzy Hash: A1719D716042019FC710EF38C88196AB7E8FF94768F108A2EF995D7251EB30DD49CB92
                                                                                                APIs
                                                                                                • LoadIconW.USER32(00000063), ref: 00935A2E
                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00935A40
                                                                                                • SetWindowTextW.USER32(?,?), ref: 00935A57
                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00935A6C
                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00935A72
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00935A82
                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00935A88
                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00935AA9
                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00935AC3
                                                                                                • GetWindowRect.USER32(?,?), ref: 00935ACC
                                                                                                • _wcslen.LIBCMT ref: 00935B33
                                                                                                • SetWindowTextW.USER32(?,?), ref: 00935B6F
                                                                                                • GetDesktopWindow.USER32 ref: 00935B75
                                                                                                • GetWindowRect.USER32(00000000), ref: 00935B7C
                                                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00935BD3
                                                                                                • GetClientRect.USER32(?,?), ref: 00935BE0
                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 00935C05
                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00935C2F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 895679908-0
                                                                                                • Opcode ID: 334477fbe99048a5644ec3c6cc314a6a6ae1a6a0cd3967a3856057060a029aed
                                                                                                • Instruction ID: 0bf62b8c10efa40a39f17a5c3fe740e140e3255cff700e8bcbf5c2da0eb148cb
                                                                                                • Opcode Fuzzy Hash: 334477fbe99048a5644ec3c6cc314a6a6ae1a6a0cd3967a3856057060a029aed
                                                                                                • Instruction Fuzzy Hash: A0716D71A00B09AFDB20DFA8CE85B6EBBF9FF48704F114918E582A25A0D775E940DF50
                                                                                                APIs
                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 0094FE27
                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 0094FE32
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0094FE3D
                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 0094FE48
                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 0094FE53
                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 0094FE5E
                                                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 0094FE69
                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 0094FE74
                                                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 0094FE7F
                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 0094FE8A
                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 0094FE95
                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 0094FEA0
                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 0094FEAB
                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 0094FEB6
                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 0094FEC1
                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 0094FECC
                                                                                                • GetCursorInfo.USER32(?), ref: 0094FEDC
                                                                                                • GetLastError.KERNEL32 ref: 0094FF1E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                                                • String ID:
                                                                                                • API String ID: 3215588206-0
                                                                                                • Opcode ID: 1d5dfeab389533984740049c899efbfb28be91c0a2f698a1f367c1ef39e33e36
                                                                                                • Instruction ID: 1d7e99f945d3500b21cb6f5aa9e51e8033e5fd5f50b063d8f3822594f8a191d9
                                                                                                • Opcode Fuzzy Hash: 1d5dfeab389533984740049c899efbfb28be91c0a2f698a1f367c1ef39e33e36
                                                                                                • Instruction Fuzzy Hash: 5F4132B0D0831A6BDB109FBA8C85C5EBFA8FF04754B50456AF11DE7281DB789905CE91
                                                                                                APIs
                                                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008F00C6
                                                                                                  • Part of subcall function 008F00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(009A070C,00000FA0,70DA44BB,?,?,?,?,009123B3,000000FF), ref: 008F011C
                                                                                                  • Part of subcall function 008F00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,009123B3,000000FF), ref: 008F0127
                                                                                                  • Part of subcall function 008F00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,009123B3,000000FF), ref: 008F0138
                                                                                                  • Part of subcall function 008F00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 008F014E
                                                                                                  • Part of subcall function 008F00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008F015C
                                                                                                  • Part of subcall function 008F00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008F016A
                                                                                                  • Part of subcall function 008F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008F0195
                                                                                                  • Part of subcall function 008F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008F01A0
                                                                                                • ___scrt_fastfail.LIBCMT ref: 008F00E7
                                                                                                  • Part of subcall function 008F00A3: __onexit.LIBCMT ref: 008F00A9
                                                                                                Strings
                                                                                                • WakeAllConditionVariable, xrefs: 008F0162
                                                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 008F0122
                                                                                                • SleepConditionVariableCS, xrefs: 008F0154
                                                                                                • InitializeConditionVariable, xrefs: 008F0148
                                                                                                • kernel32.dll, xrefs: 008F0133
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                • API String ID: 66158676-1714406822
                                                                                                • Opcode ID: b4303df874bc79ffa615aafb1f148e32acdf42015e783b8511d6e4b27eca1c3c
                                                                                                • Instruction ID: 297cb7b57a7bebe5ced3627c48e6a263bdbf7f9fc127e27557547d7c95d07b80
                                                                                                • Opcode Fuzzy Hash: b4303df874bc79ffa615aafb1f148e32acdf42015e783b8511d6e4b27eca1c3c
                                                                                                • Instruction Fuzzy Hash: 5321267265D7196FE7106BB8AC15B7A3394FB86B54F01013AFA01E72D2DFB0A8409E91
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                • API String ID: 176396367-1603158881
                                                                                                • Opcode ID: 522fba172b947323b0961f04a16729e6c8b32e7ac2fb194a4c021650e0994a95
                                                                                                • Instruction ID: 99945f52596052c95f5145eabb8f73e37220d96e78bb0f689f0f05542cfa0450
                                                                                                • Opcode Fuzzy Hash: 522fba172b947323b0961f04a16729e6c8b32e7ac2fb194a4c021650e0994a95
                                                                                                • Instruction Fuzzy Hash: 16E1E632A40516ABCF149FB8C4516FEBBB4FF54710F54C22AE456E7250EB30AE859F90
                                                                                                APIs
                                                                                                • CharLowerBuffW.USER32(00000000,00000000,0096CC08), ref: 00944527
                                                                                                • _wcslen.LIBCMT ref: 0094453B
                                                                                                • _wcslen.LIBCMT ref: 00944599
                                                                                                • _wcslen.LIBCMT ref: 009445F4
                                                                                                • _wcslen.LIBCMT ref: 0094463F
                                                                                                • _wcslen.LIBCMT ref: 009446A7
                                                                                                  • Part of subcall function 008EF9F2: _wcslen.LIBCMT ref: 008EF9FD
                                                                                                • GetDriveTypeW.KERNEL32(?,00996BF0,00000061), ref: 00944743
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                • API String ID: 2055661098-1000479233
                                                                                                • Opcode ID: 9b13b424786d0ce82f1161ae46746e3673fcb049c31bcac4ce4cb63c4efc14e9
                                                                                                • Instruction ID: 06150bfcc8c1c2d3003c44c6c22e886dd053c3b6cf9eb21fd568685e3cba18e6
                                                                                                • Opcode Fuzzy Hash: 9b13b424786d0ce82f1161ae46746e3673fcb049c31bcac4ce4cb63c4efc14e9
                                                                                                • Instruction Fuzzy Hash: 86B1CE716083029BCB20DF28C890E7AB7E9FFA5764F504A1EF596C7291E730D845CB92
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 0095B198
                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0095B1B0
                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0095B1D4
                                                                                                • _wcslen.LIBCMT ref: 0095B200
                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0095B214
                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0095B236
                                                                                                • _wcslen.LIBCMT ref: 0095B332
                                                                                                  • Part of subcall function 009405A7: GetStdHandle.KERNEL32(000000F6), ref: 009405C6
                                                                                                • _wcslen.LIBCMT ref: 0095B34B
                                                                                                • _wcslen.LIBCMT ref: 0095B366
                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0095B3B6
                                                                                                • GetLastError.KERNEL32(00000000), ref: 0095B407
                                                                                                • CloseHandle.KERNEL32(?), ref: 0095B439
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0095B44A
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0095B45C
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0095B46E
                                                                                                • CloseHandle.KERNEL32(?), ref: 0095B4E3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 2178637699-0
                                                                                                • Opcode ID: 563f12fc32bf241a67052704f691c3a6312812734daaeb9da904b6c86f079db7
                                                                                                • Instruction ID: d85f68575e73aa97c0cdac47be519b35f4fef8968975c17fddca2f9255c51a92
                                                                                                • Opcode Fuzzy Hash: 563f12fc32bf241a67052704f691c3a6312812734daaeb9da904b6c86f079db7
                                                                                                • Instruction Fuzzy Hash: 36F17C716083409FC724EF29C891B6ABBE5FF85314F14895EF8959B2A2DB31EC44CB52
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,0096CC08), ref: 009540BB
                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 009540CD
                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0096CC08), ref: 009540F2
                                                                                                • FreeLibrary.KERNEL32(00000000,?,0096CC08), ref: 0095413E
                                                                                                • StringFromGUID2.OLE32(?,?,00000028,?,0096CC08), ref: 009541A8
                                                                                                • SysFreeString.OLEAUT32(00000009), ref: 00954262
                                                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 009542C8
                                                                                                • SysFreeString.OLEAUT32(?), ref: 009542F2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                • API String ID: 354098117-199464113
                                                                                                • Opcode ID: 51ce728cd1d509536a97d680717db64b57239ca4e67321917889cdad6c7cbadc
                                                                                                • Instruction ID: d7325ee66153ecfe181b55fd2bba270ad605a8ec860333a377af54c6770799bb
                                                                                                • Opcode Fuzzy Hash: 51ce728cd1d509536a97d680717db64b57239ca4e67321917889cdad6c7cbadc
                                                                                                • Instruction Fuzzy Hash: 6C126D71A00119EFDB54CF95C884EAEB7B9FF45319F248098F9059B261D731ED8ACBA0
                                                                                                APIs
                                                                                                • GetMenuItemCount.USER32(009A1990), ref: 00912F8D
                                                                                                • GetMenuItemCount.USER32(009A1990), ref: 0091303D
                                                                                                • GetCursorPos.USER32(?), ref: 00913081
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 0091308A
                                                                                                • TrackPopupMenuEx.USER32(009A1990,00000000,?,00000000,00000000,00000000), ref: 0091309D
                                                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 009130A9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                • String ID: 0
                                                                                                • API String ID: 36266755-4108050209
                                                                                                • Opcode ID: 20661ca6055cfe2eddb7b6568a3da3fea17a5e0650aa1b0bab482326a96d9caf
                                                                                                • Instruction ID: b439acd25700b6c0ea3c27fe87534a39159782fdf690c89b4f1164bd5f25feca
                                                                                                • Opcode Fuzzy Hash: 20661ca6055cfe2eddb7b6568a3da3fea17a5e0650aa1b0bab482326a96d9caf
                                                                                                • Instruction Fuzzy Hash: 76711970744209BEEB219F29CC49FEABF78FF05364F204216F515AA2E0C7B1A960DB51
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(00000000,?), ref: 00966DEB
                                                                                                  • Part of subcall function 008D6B57: _wcslen.LIBCMT ref: 008D6B6A
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00966E5F
                                                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00966E81
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00966E94
                                                                                                • DestroyWindow.USER32(?), ref: 00966EB5
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,008D0000,00000000), ref: 00966EE4
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00966EFD
                                                                                                • GetDesktopWindow.USER32 ref: 00966F16
                                                                                                • GetWindowRect.USER32(00000000), ref: 00966F1D
                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00966F35
                                                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00966F4D
                                                                                                  • Part of subcall function 008E9944: GetWindowLongW.USER32(?,000000EB), ref: 008E9952
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                • String ID: 0$tooltips_class32
                                                                                                • API String ID: 2429346358-3619404913
                                                                                                • Opcode ID: 053423cb94f3a338cebaf3545931e8959c52edd773a71ea11814e0ab0ac6ffda
                                                                                                • Instruction ID: ae2495e6d64d356b511f7f67141b937d7606fb5d8d7983d33ea990809edd3196
                                                                                                • Opcode Fuzzy Hash: 053423cb94f3a338cebaf3545931e8959c52edd773a71ea11814e0ab0ac6ffda
                                                                                                • Instruction Fuzzy Hash: 1B7177B4108245AFDB21CF18DC48EBBBBE9FB99304F04091EF99987261C771E916DB16
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008E9BB2
                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00969147
                                                                                                  • Part of subcall function 00967674: ClientToScreen.USER32(?,?), ref: 0096769A
                                                                                                  • Part of subcall function 00967674: GetWindowRect.USER32(?,?), ref: 00967710
                                                                                                  • Part of subcall function 00967674: PtInRect.USER32(?,?,00968B89), ref: 00967720
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 009691B0
                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009691BB
                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009691DE
                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00969225
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 0096923E
                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00969255
                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00969277
                                                                                                • DragFinish.SHELL32(?), ref: 0096927E
                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00969371
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                • API String ID: 221274066-3440237614
                                                                                                • Opcode ID: 530571216effd0dbe059043d7612abd6e5c258cb00383519fdb43835638e1332
                                                                                                • Instruction ID: b2224859a5880fe920d1fb9f49c86af705677ae184b1ded0ad723498d6f611b8
                                                                                                • Opcode Fuzzy Hash: 530571216effd0dbe059043d7612abd6e5c258cb00383519fdb43835638e1332
                                                                                                • Instruction Fuzzy Hash: B2612771108301AFD705DF64DC95DABBBE8FF89750F000A2EF5A5922A1DB709A49CB92
                                                                                                APIs
                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0094C4B0
                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0094C4C3
                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0094C4D7
                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0094C4F0
                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0094C533
                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0094C549
                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0094C554
                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0094C584
                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0094C5DC
                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0094C5F0
                                                                                                • InternetCloseHandle.WININET(00000000), ref: 0094C5FB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                • String ID:
                                                                                                • API String ID: 3800310941-3916222277
                                                                                                • Opcode ID: d5830195855593ae0cf80a9a208a585a2252781c1508449a446376035ce6b2df
                                                                                                • Instruction ID: 6b77f34c5a89c488038adc4e6abd0a6deadab5237ff82e86baaa622ac0db66a7
                                                                                                • Opcode Fuzzy Hash: d5830195855593ae0cf80a9a208a585a2252781c1508449a446376035ce6b2df
                                                                                                • Instruction Fuzzy Hash: 9C515AF0515209BFDB619FA5C988EBB7BBCFF08754F00841EF98596210EB74E944AB60
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00968592
                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 009685A2
                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 009685AD
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009685BA
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 009685C8
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 009685D7
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 009685E0
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009685E7
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 009685F8
                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0096FC38,?), ref: 00968611
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00968621
                                                                                                • GetObjectW.GDI32(?,00000018,000000FF), ref: 00968641
                                                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00968671
                                                                                                • DeleteObject.GDI32(00000000), ref: 00968699
                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009686AF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                • String ID:
                                                                                                • API String ID: 3840717409-0
                                                                                                • Opcode ID: 144bfac9482da31527786839c9da508c68f22e953b254ef1e1f4aa9e2b86abe0
                                                                                                • Instruction ID: cfabc2a0af2bf52c950c0fd3c905e6abe0e9f5cd9e781afd6b720ef859de91f6
                                                                                                • Opcode Fuzzy Hash: 144bfac9482da31527786839c9da508c68f22e953b254ef1e1f4aa9e2b86abe0
                                                                                                • Instruction Fuzzy Hash: 7B4148B1604208AFDB119FA5CC48EAB7BBCEF89B11F104159F956E7260DB709901DB20
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00941502
                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 0094150B
                                                                                                • VariantClear.OLEAUT32(?), ref: 00941517
                                                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009415FB
                                                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 00941657
                                                                                                • VariantInit.OLEAUT32(?), ref: 00941708
                                                                                                • SysFreeString.OLEAUT32(?), ref: 0094178C
                                                                                                • VariantClear.OLEAUT32(?), ref: 009417D8
                                                                                                • VariantClear.OLEAUT32(?), ref: 009417E7
                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00941823
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                • API String ID: 1234038744-3931177956
                                                                                                • Opcode ID: b6e9796749ae6c8d71c9622211803e8e99bc0293a8d7b1157866c4d7e16da691
                                                                                                • Instruction ID: fcec24198f9aa6e0e8d86dc4157209f8afb68b65a63303d76c2ac8fc24c73036
                                                                                                • Opcode Fuzzy Hash: b6e9796749ae6c8d71c9622211803e8e99bc0293a8d7b1157866c4d7e16da691
                                                                                                • Instruction Fuzzy Hash: 26D10171A00109EBDB00AF69D885FB9B7B9FF45700F10855AF446EB291DB74EC80DB62
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 0095C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0095B6AE,?,?), ref: 0095C9B5
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095C9F1
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095CA68
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095CA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0095B6F4
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0095B772
                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 0095B80A
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0095B87E
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0095B89C
                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0095B8F2
                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0095B904
                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 0095B922
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 0095B983
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0095B994
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                • API String ID: 146587525-4033151799
                                                                                                • Opcode ID: 14c5e87d297a776737e21fffb292fad749b9827866695e5b0adfbd20d959fbd5
                                                                                                • Instruction ID: e284dadd4f07249b8013e73a8ab3dec8c632db1e19fe22ccaeb797368b7ca695
                                                                                                • Opcode Fuzzy Hash: 14c5e87d297a776737e21fffb292fad749b9827866695e5b0adfbd20d959fbd5
                                                                                                • Instruction Fuzzy Hash: C5C17B30208201AFD714DF19C495F2ABBE5FF84318F14855DF99A8B7A2CB75E849CB92
                                                                                                APIs
                                                                                                • GetDC.USER32(00000000), ref: 009525D8
                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 009525E8
                                                                                                • CreateCompatibleDC.GDI32(?), ref: 009525F4
                                                                                                • SelectObject.GDI32(00000000,?), ref: 00952601
                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0095266D
                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 009526AC
                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 009526D0
                                                                                                • SelectObject.GDI32(?,?), ref: 009526D8
                                                                                                • DeleteObject.GDI32(?), ref: 009526E1
                                                                                                • DeleteDC.GDI32(?), ref: 009526E8
                                                                                                • ReleaseDC.USER32(00000000,?), ref: 009526F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                • String ID: (
                                                                                                • API String ID: 2598888154-3887548279
                                                                                                • Opcode ID: 2b7665e0205faba029c361eddf24f0b6bb3bf4ae583b77e935ba9d858275c9fe
                                                                                                • Instruction ID: da771041d76f998406bbb68ea5cf7bf320ebe0238bfa6d6e9b3f003d09249f04
                                                                                                • Opcode Fuzzy Hash: 2b7665e0205faba029c361eddf24f0b6bb3bf4ae583b77e935ba9d858275c9fe
                                                                                                • Instruction Fuzzy Hash: FE61F2B5D04219EFCF04CFA8D884AAEBBB5FF49310F20852AF955A7250D774A941DF90
                                                                                                APIs
                                                                                                • ___free_lconv_mon.LIBCMT ref: 0090DAA1
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D659
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D66B
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D67D
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D68F
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D6A1
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D6B3
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D6C5
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D6D7
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D6E9
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D6FB
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D70D
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D71F
                                                                                                  • Part of subcall function 0090D63C: _free.LIBCMT ref: 0090D731
                                                                                                • _free.LIBCMT ref: 0090DA96
                                                                                                  • Part of subcall function 009029C8: HeapFree.KERNEL32(00000000,00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000), ref: 009029DE
                                                                                                  • Part of subcall function 009029C8: GetLastError.KERNEL32(00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000,00000000), ref: 009029F0
                                                                                                • _free.LIBCMT ref: 0090DAB8
                                                                                                • _free.LIBCMT ref: 0090DACD
                                                                                                • _free.LIBCMT ref: 0090DAD8
                                                                                                • _free.LIBCMT ref: 0090DAFA
                                                                                                • _free.LIBCMT ref: 0090DB0D
                                                                                                • _free.LIBCMT ref: 0090DB1B
                                                                                                • _free.LIBCMT ref: 0090DB26
                                                                                                • _free.LIBCMT ref: 0090DB5E
                                                                                                • _free.LIBCMT ref: 0090DB65
                                                                                                • _free.LIBCMT ref: 0090DB82
                                                                                                • _free.LIBCMT ref: 0090DB9A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                • String ID:
                                                                                                • API String ID: 161543041-0
                                                                                                • Opcode ID: 0848717baaa6d6fc5146a8432c0cf8dd0d76a8d2448de9eae9c03bc05626e3e1
                                                                                                • Instruction ID: 3b26fb6db08202177a4b94a22a4a40c5f53023e9a9fc13c95b15a971fb462f06
                                                                                                • Opcode Fuzzy Hash: 0848717baaa6d6fc5146a8432c0cf8dd0d76a8d2448de9eae9c03bc05626e3e1
                                                                                                • Instruction Fuzzy Hash: E73157326053049FEB22ABB9E949B6AB7ECFF40310F214429E459D71D1DB35EC80CB20
                                                                                                APIs
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 0093369C
                                                                                                • _wcslen.LIBCMT ref: 009336A7
                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00933797
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 0093380C
                                                                                                • GetDlgCtrlID.USER32(?), ref: 0093385D
                                                                                                • GetWindowRect.USER32(?,?), ref: 00933882
                                                                                                • GetParent.USER32(?), ref: 009338A0
                                                                                                • ScreenToClient.USER32(00000000), ref: 009338A7
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00933921
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 0093395D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                • String ID: %s%u
                                                                                                • API String ID: 4010501982-679674701
                                                                                                • Opcode ID: 19322937a6c08ebd5a26285873ce6258a1894ebbf489fb2e45dcba054b98599c
                                                                                                • Instruction ID: 446c7061a088c1f644e0c09200dc52d4566d674ca8f6468db8ea6a15612c0d87
                                                                                                • Opcode Fuzzy Hash: 19322937a6c08ebd5a26285873ce6258a1894ebbf489fb2e45dcba054b98599c
                                                                                                • Instruction Fuzzy Hash: 3391BE71244606EFD719DF24C885BBAF7A8FF44354F008629FA9AD2190DB70EA45CFA1
                                                                                                APIs
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00934994
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 009349DA
                                                                                                • _wcslen.LIBCMT ref: 009349EB
                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 009349F7
                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00934A2C
                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00934A64
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00934A9D
                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00934AE6
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00934B20
                                                                                                • GetWindowRect.USER32(?,?), ref: 00934B8B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                • String ID: ThumbnailClass
                                                                                                • API String ID: 1311036022-1241985126
                                                                                                • Opcode ID: 150425f497cf822e6bf390443c63b9de4bdd02262be25d957f06df646e9aa7a5
                                                                                                • Instruction ID: 03164b15f2380fa7ac71e5c45202d86a3d63cbba7b82efc8cf6608d69fc8fc50
                                                                                                • Opcode Fuzzy Hash: 150425f497cf822e6bf390443c63b9de4bdd02262be25d957f06df646e9aa7a5
                                                                                                • Instruction Fuzzy Hash: 7191AC7110820A9FDB04CF14C985BAABBECFF84314F05846AFD859A196DB34ED45CFA2
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(009A1990,000000FF,00000000,00000030), ref: 0093BFAC
                                                                                                • SetMenuItemInfoW.USER32(009A1990,00000004,00000000,00000030), ref: 0093BFE1
                                                                                                • Sleep.KERNEL32(000001F4), ref: 0093BFF3
                                                                                                • GetMenuItemCount.USER32(?), ref: 0093C039
                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 0093C056
                                                                                                • GetMenuItemID.USER32(?,-00000001), ref: 0093C082
                                                                                                • GetMenuItemID.USER32(?,?), ref: 0093C0C9
                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0093C10F
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0093C124
                                                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0093C145
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                • String ID: 0
                                                                                                • API String ID: 1460738036-4108050209
                                                                                                • Opcode ID: 2fafb39a5180d568d6c1a4938f658e6c1eb610cf5d52b61dada3266d156febc4
                                                                                                • Instruction ID: a5e3f0e95c265c71972694d540fb4259fd1e026ddb0a99fb1f247035821efce4
                                                                                                • Opcode Fuzzy Hash: 2fafb39a5180d568d6c1a4938f658e6c1eb610cf5d52b61dada3266d156febc4
                                                                                                • Instruction Fuzzy Hash: 4A619FF191868AAFDF15CFA4CC88ABE7BB9EB45344F000019F951A3291CB75AD04EF61
                                                                                                APIs
                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0095CC64
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0095CC8D
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0095CD48
                                                                                                  • Part of subcall function 0095CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0095CCAA
                                                                                                  • Part of subcall function 0095CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0095CCBD
                                                                                                  • Part of subcall function 0095CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0095CCCF
                                                                                                  • Part of subcall function 0095CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0095CD05
                                                                                                  • Part of subcall function 0095CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0095CD28
                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 0095CCF3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                • API String ID: 2734957052-4033151799
                                                                                                APIs
                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00943D40
                                                                                                • _wcslen.LIBCMT ref: 00943D6D
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00943D9D
                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00943DBE
                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00943DCE
                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00943E55
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00943E60
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00943E6B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                • String ID: :$\$\??\%s
                                                                                                • API String ID: 1149970189-3457252023
                                                                                                APIs
                                                                                                • timeGetTime.WINMM ref: 0093E6B4
                                                                                                  • Part of subcall function 008EE551: timeGetTime.WINMM(?,?,0093E6D4), ref: 008EE555
                                                                                                • Sleep.KERNEL32(0000000A), ref: 0093E6E1
                                                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0093E705
                                                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0093E727
                                                                                                • SetActiveWindow.USER32 ref: 0093E746
                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0093E754
                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 0093E773
                                                                                                • Sleep.KERNEL32(000000FA), ref: 0093E77E
                                                                                                • IsWindow.USER32 ref: 0093E78A
                                                                                                • EndDialog.USER32(00000000), ref: 0093E79B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                • String ID: BUTTON
                                                                                                • API String ID: 1194449130-3405671355
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0093EA5D
                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0093EA73
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0093EA84
                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0093EA96
                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0093EAA7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: SendString$_wcslen
                                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                • API String ID: 2420728520-1007645807
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?), ref: 0093A012
                                                                                                • SetKeyboardState.USER32(?), ref: 0093A07D
                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 0093A09D
                                                                                                • GetKeyState.USER32(000000A0), ref: 0093A0B4
                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 0093A0E3
                                                                                                • GetKeyState.USER32(000000A1), ref: 0093A0F4
                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 0093A120
                                                                                                • GetKeyState.USER32(00000011), ref: 0093A12E
                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 0093A157
                                                                                                • GetKeyState.USER32(00000012), ref: 0093A165
                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 0093A18E
                                                                                                • GetKeyState.USER32(0000005B), ref: 0093A19C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: State$Async$Keyboard
                                                                                                • String ID:
                                                                                                • API String ID: 541375521-0
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00935CE2
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00935CFB
                                                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00935D59
                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00935D69
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00935D7B
                                                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00935DCF
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00935DDD
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00935DEF
                                                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00935E31
                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00935E44
                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00935E5A
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00935E67
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                • String ID:
                                                                                                • API String ID: 3096461208-0
                                                                                                APIs
                                                                                                  • Part of subcall function 008E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008E8BE8,?,00000000,?,?,?,?,008E8BBA,00000000,?), ref: 008E8FC5
                                                                                                • DestroyWindow.USER32(?), ref: 008E8C81
                                                                                                • KillTimer.USER32(00000000,?,?,?,?,008E8BBA,00000000,?), ref: 008E8D1B
                                                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 00926973
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,008E8BBA,00000000,?), ref: 009269A1
                                                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,008E8BBA,00000000,?), ref: 009269B8
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,008E8BBA,00000000), ref: 009269D4
                                                                                                • DeleteObject.GDI32(00000000), ref: 009269E6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                • String ID:
                                                                                                • API String ID: 641708696-0
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9944: GetWindowLongW.USER32(?,000000EB), ref: 008E9952
                                                                                                • GetSysColor.USER32(0000000F), ref: 008E9862
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ColorLongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 259745315-0
                                                                                                • Opcode ID: e70b85a5c4b392ddeac0624bdd6f57dd2ce0d5232719a35b37b7d892b0a2a2ac
                                                                                                • Instruction ID: 7d592fa23fa008ff68ee18935bd27671eb4f4d7bf98929ec2076f51463c5af5f
                                                                                                • Opcode Fuzzy Hash: e70b85a5c4b392ddeac0624bdd6f57dd2ce0d5232719a35b37b7d892b0a2a2ac
                                                                                                • Instruction Fuzzy Hash: 1E41A1711086A4AFDB205F399C84BB97B69FB17320F144629F9E2D72F1D7B09841EB11
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0091F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00939717
                                                                                                • LoadStringW.USER32(00000000,?,0091F7F8,00000001), ref: 00939720
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0091F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00939742
                                                                                                • LoadStringW.USER32(00000000,?,0091F7F8,00000001), ref: 00939745
                                                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00939866
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                • API String ID: 747408836-2268648507
                                                                                                • Opcode ID: 08c4f142f64eab4cc0db87d52b39f10b985e2e371f4bdb59114e1f93c5c5e1ad
                                                                                                • Instruction ID: 5c936d5797554522e131c909b963d9e95e7e2cda9a07948284497f6c3e11cf94
                                                                                                • Opcode Fuzzy Hash: 08c4f142f64eab4cc0db87d52b39f10b985e2e371f4bdb59114e1f93c5c5e1ad
                                                                                                • Instruction Fuzzy Hash: 5B414F72904209AADF04FBE8DE42EEE7778EF55744F100126F205B2292EA655F48CB62
                                                                                                APIs
                                                                                                  • Part of subcall function 008D6B57: _wcslen.LIBCMT ref: 008D6B6A
                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 009307A2
                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 009307BE
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 009307DA
                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00930804
                                                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0093082C
                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00930837
                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0093083C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                • API String ID: 323675364-22481851
                                                                                                • Opcode ID: ded254ff3deafe7fd4231b52e02f0a5b5176ca270d15b3337ea7282a24ceb4d0
                                                                                                • Instruction ID: 4104f0ac7e980f448414ea91fe4c86d817ec7e6a56c7404db1519c6d44a1f419
                                                                                                • Opcode Fuzzy Hash: ded254ff3deafe7fd4231b52e02f0a5b5176ca270d15b3337ea7282a24ceb4d0
                                                                                                • Instruction Fuzzy Hash: E0412972C10228ABDF15EBA8DC958EEB778FF44350F15412AF941A3260EB709E04CF91
                                                                                                APIs
                                                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0096403B
                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00964042
                                                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00964055
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0096405D
                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 00964068
                                                                                                • DeleteDC.GDI32(00000000), ref: 00964072
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0096407C
                                                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00964092
                                                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0096409E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                • String ID: static
                                                                                                • API String ID: 2559357485-2160076837
                                                                                                • Opcode ID: 08056098977f3ffef4c067346a602f8865982eb4d6afdb39b7aeaa9da344a297
                                                                                                • Instruction ID: 4a9e3a966773d47ef33c2f47e587cd9ae2a67756b81e2a48a336291e68463730
                                                                                                • Opcode Fuzzy Hash: 08056098977f3ffef4c067346a602f8865982eb4d6afdb39b7aeaa9da344a297
                                                                                                • Instruction Fuzzy Hash: F5318F72514215BBDF219FA8CC08FEA3B68FF0E364F010215FA65E61A0C7B5D850EB94
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 00953C5C
                                                                                                • CoInitialize.OLE32(00000000), ref: 00953C8A
                                                                                                • CoUninitialize.OLE32 ref: 00953C94
                                                                                                • _wcslen.LIBCMT ref: 00953D2D
                                                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00953DB1
                                                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00953ED5
                                                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00953F0E
                                                                                                • CoGetObject.OLE32(?,00000000,0096FB98,?), ref: 00953F2D
                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00953F40
                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00953FC4
                                                                                                • VariantClear.OLEAUT32(?), ref: 00953FD8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 429561992-0
                                                                                                • Opcode ID: 89148916dcc497be76c1d9f21b17c0e3fdbe9b897f4f22093cf10107f14c48cb
                                                                                                • Instruction ID: 5eb54b72f60eb96aa34d016e4adda38f2afa8c319ce361fc7e86f57c990d1c73
                                                                                                • Opcode Fuzzy Hash: 89148916dcc497be76c1d9f21b17c0e3fdbe9b897f4f22093cf10107f14c48cb
                                                                                                • Instruction Fuzzy Hash: 70C124716082059FD700DF69C88492BB7F9FF89789F10891DF98A9B250DB71EE09CB52
                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000), ref: 00947AF3
                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00947B8F
                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00947BA3
                                                                                                • CoCreateInstance.OLE32(0096FD08,00000000,00000001,00996E6C,?), ref: 00947BEF
                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00947C74
                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 00947CCC
                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00947D57
                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00947D7A
                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00947D81
                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00947DD6
                                                                                                • CoUninitialize.OLE32 ref: 00947DDC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                • String ID:
                                                                                                • API String ID: 2762341140-0
                                                                                                • Opcode ID: 6a01ea7bed9aea058a1e3dea53679af6dfda9677f5f3027d69c6706417aa6a2f
                                                                                                • Instruction ID: d5c158d05f5fa27acce6aceea67fdd556c8f569804b2b8e6bafe93aa4fcdca25
                                                                                                • Opcode Fuzzy Hash: 6a01ea7bed9aea058a1e3dea53679af6dfda9677f5f3027d69c6706417aa6a2f
                                                                                                • Instruction Fuzzy Hash: 32C10975A14109AFCB14DFA8C884DAEBBB9FF48304B148599F859DB361DB30EE45CB90
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00965504
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00965515
                                                                                                • CharNextW.USER32(00000158), ref: 00965544
                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00965585
                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0096559B
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009655AC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CharNext
                                                                                                • String ID:
                                                                                                • API String ID: 1350042424-0
                                                                                                • Opcode ID: 073b4b9f9b6ec78b837d89f0aef6df728a95153887a9fa701f165943fa06d3a0
                                                                                                • Instruction ID: f6301ad2165d5cc37d71e665bcec1ba55e3afc8f4848f69f3a1ee8d7d47bf9fc
                                                                                                • Opcode Fuzzy Hash: 073b4b9f9b6ec78b837d89f0aef6df728a95153887a9fa701f165943fa06d3a0
                                                                                                • Instruction Fuzzy Hash: AB61AF70904609EFDF108FA4CC84EFE7BB9EF09724F514549F965A72A0DB748A80EB60
                                                                                                APIs
                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0092FAAF
                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 0092FB08
                                                                                                • VariantInit.OLEAUT32(?), ref: 0092FB1A
                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 0092FB3A
                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 0092FB8D
                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 0092FBA1
                                                                                                • VariantClear.OLEAUT32(?), ref: 0092FBB6
                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 0092FBC3
                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0092FBCC
                                                                                                • VariantClear.OLEAUT32(?), ref: 0092FBDE
                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0092FBE9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                • String ID:
                                                                                                • API String ID: 2706829360-0
                                                                                                • Opcode ID: 5a1b8b7640fb3c42465ab5947daab467a729e939f29ef1af3308d2b4e31a83c8
                                                                                                • Instruction ID: 89ed8e269428a8a659614cf96dbe7e69e352997414d8efa5f503978fe32e61ef
                                                                                                • Opcode Fuzzy Hash: 5a1b8b7640fb3c42465ab5947daab467a729e939f29ef1af3308d2b4e31a83c8
                                                                                                • Instruction Fuzzy Hash: 46415F75A04219AFCB00DF68D8689BEBBB9FF48344F008079F945A7261DB70E945CFA0
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?), ref: 00939CA1
                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00939D22
                                                                                                • GetKeyState.USER32(000000A0), ref: 00939D3D
                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00939D57
                                                                                                • GetKeyState.USER32(000000A1), ref: 00939D6C
                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00939D84
                                                                                                • GetKeyState.USER32(00000011), ref: 00939D96
                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00939DAE
                                                                                                • GetKeyState.USER32(00000012), ref: 00939DC0
                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00939DD8
                                                                                                • GetKeyState.USER32(0000005B), ref: 00939DEA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: State$Async$Keyboard
                                                                                                • String ID:
                                                                                                • API String ID: 541375521-0
                                                                                                • Opcode ID: 28ca0a33b81ef7c7c79f05191d19158c48b566fc6e5c10cd4b8b0dbbf2a5032a
                                                                                                • Instruction ID: 5d88ac5a89819f8e6c5f2bf38a0f283af729cb8a05a9f89bca285c0dec68ee26
                                                                                                • Opcode Fuzzy Hash: 28ca0a33b81ef7c7c79f05191d19158c48b566fc6e5c10cd4b8b0dbbf2a5032a
                                                                                                • Instruction Fuzzy Hash: A441D6745087CA6DFF309764C8053B6BEA8AF11344F04805EEAD7566C2DBE499C8CF92
                                                                                                APIs
                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 009505BC
                                                                                                • inet_addr.WSOCK32(?), ref: 0095061C
                                                                                                • gethostbyname.WSOCK32(?), ref: 00950628
                                                                                                • IcmpCreateFile.IPHLPAPI ref: 00950636
                                                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009506C6
                                                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009506E5
                                                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 009507B9
                                                                                                • WSACleanup.WSOCK32 ref: 009507BF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                • String ID: Ping
                                                                                                • API String ID: 1028309954-2246546115
                                                                                                • Opcode ID: 33db4fed89ded827d10410574afad37d5a5e7bc91d952707ccf875b528bab8f2
                                                                                                • Instruction ID: bdc2b9f3d606fa1c8ac0ace8ad325023a2a088050d09cdd596181bf5e1cfb635
                                                                                                • Opcode Fuzzy Hash: 33db4fed89ded827d10410574afad37d5a5e7bc91d952707ccf875b528bab8f2
                                                                                                • Instruction Fuzzy Hash: 659180755082019FD320DF1AD889B16BBE4FF88318F158599F8698B7A2D770ED45CF81
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharLower
                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                • API String ID: 707087890-567219261
                                                                                                • Opcode ID: 316d981365d7b2e2552234395263fc976caa0f355ef6dea5a8863b9bd7012a74
                                                                                                • Instruction ID: 926e9b1c613efbe21819adeb73bfe822d68860a6a5c62cfe9efab34e9ee2f534
                                                                                                • Opcode Fuzzy Hash: 316d981365d7b2e2552234395263fc976caa0f355ef6dea5a8863b9bd7012a74
                                                                                                • Instruction Fuzzy Hash: EB519F31A001169ACB24EF6DC8419BFB7F9BF64725B204629E866F72C4EB35DD48C790
                                                                                                APIs
                                                                                                • CoInitialize.OLE32 ref: 00953774
                                                                                                • CoUninitialize.OLE32 ref: 0095377F
                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,0096FB78,?), ref: 009537D9
                                                                                                • IIDFromString.OLE32(?,?), ref: 0095384C
                                                                                                • VariantInit.OLEAUT32(?), ref: 009538E4
                                                                                                • VariantClear.OLEAUT32(?), ref: 00953936
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                • API String ID: 636576611-1287834457
                                                                                                • Opcode ID: 3caf8c6c67ce6608bf50bcc122cd9b8629e1a32c7e507a8e9daac8eed6d13c2b
                                                                                                • Instruction ID: 0f06bf4e664feeddf6893d464fed9592d491ad9bcc7aaa84c54bdd132b0667c6
                                                                                                • Opcode Fuzzy Hash: 3caf8c6c67ce6608bf50bcc122cd9b8629e1a32c7e507a8e9daac8eed6d13c2b
                                                                                                • Instruction Fuzzy Hash: EE61A3B0608301AFD311DF56C845F6AB7E8EF89755F10890DF9859B291D770EE48CB92
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009433CF
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009433F0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LoadString$_wcslen
                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                • API String ID: 4099089115-3080491070
                                                                                                • Opcode ID: 28c4c851d98b18963b47678be9ada1e9541e3c71b26fb7235fd369a803f97a87
                                                                                                • Instruction ID: efc5b5504d0babc94124b196ed8d77c1eae4d1d77e01aba4efcc8844bef5e841
                                                                                                • Opcode Fuzzy Hash: 28c4c851d98b18963b47678be9ada1e9541e3c71b26fb7235fd369a803f97a87
                                                                                                • Instruction Fuzzy Hash: C8519D71904209AADF18EBA4DD42EEEB778FF14344F104166F105B22A2EB652F58DB62
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                • API String ID: 1256254125-769500911
                                                                                                • Opcode ID: 683ea10a9bc260862ed86da7177b755e99150d4aa1160a0cbf800e5c3d1a3eff
                                                                                                • Instruction ID: 391d3f101f695afa7dcf42e9fc18a51dbb90fbe8f4dc7656584eece7f582af7c
                                                                                                • Opcode Fuzzy Hash: 683ea10a9bc260862ed86da7177b755e99150d4aa1160a0cbf800e5c3d1a3eff
                                                                                                • Instruction Fuzzy Hash: 7341C732B001269BCB205F7DC8915BE77A9FBA076CF24412AE665D7285F735CD81CB90
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 009453A0
                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00945416
                                                                                                • GetLastError.KERNEL32 ref: 00945420
                                                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 009454A7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                • API String ID: 4194297153-14809454
                                                                                                • Opcode ID: 17f8ed605a27bbc0eb6c065cee65ece7258c3bcadc23c2a762548e09c0b9c57e
                                                                                                • Instruction ID: 2ae7ed518b82866948bf276288eadcced98c81853ee3d95de729f94f2af36b6b
                                                                                                • Opcode Fuzzy Hash: 17f8ed605a27bbc0eb6c065cee65ece7258c3bcadc23c2a762548e09c0b9c57e
                                                                                                • Instruction Fuzzy Hash: BF319F75A006049FCB10DFA8C884EAA7BB8FB45345F15806AF405CF2A2EB75DD82CB91
                                                                                                APIs
                                                                                                • CreateMenu.USER32 ref: 00963C79
                                                                                                • SetMenu.USER32(?,00000000), ref: 00963C88
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00963D10
                                                                                                • IsMenu.USER32(?), ref: 00963D24
                                                                                                • CreatePopupMenu.USER32 ref: 00963D2E
                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00963D5B
                                                                                                • DrawMenuBar.USER32 ref: 00963D63
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                • String ID: 0$F
                                                                                                • API String ID: 161812096-3044882817
                                                                                                • Opcode ID: 60efb2051d2fcee568ca081fdc074b6e74cc9ce4ff239808e5522fb4cbb167cd
                                                                                                • Instruction ID: 40982a98942f67d96393449ac587d4a343772397291cfe6bbfac88fa7c353451
                                                                                                • Opcode Fuzzy Hash: 60efb2051d2fcee568ca081fdc074b6e74cc9ce4ff239808e5522fb4cbb167cd
                                                                                                • Instruction Fuzzy Hash: 58419AB8A05209EFDB14CF64DC54AAA7BB9FF49310F14402DF946A73A0D770AA10DF90
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 00933CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00933CCA
                                                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00931F64
                                                                                                • GetDlgCtrlID.USER32 ref: 00931F6F
                                                                                                • GetParent.USER32 ref: 00931F8B
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00931F8E
                                                                                                • GetDlgCtrlID.USER32(?), ref: 00931F97
                                                                                                • GetParent.USER32(?), ref: 00931FAB
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00931FAE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 711023334-1403004172
                                                                                                • Opcode ID: d32d447c951bf20a7185461c6ca1cc07fe27df7ee939ce90b3f3fc982470c85b
                                                                                                • Instruction ID: 1ca57e9347528b69f0dd92f84eefe3fffa18952edcb87eb05d303aaa551c8edc
                                                                                                • Opcode Fuzzy Hash: d32d447c951bf20a7185461c6ca1cc07fe27df7ee939ce90b3f3fc982470c85b
                                                                                                • Instruction Fuzzy Hash: E221D474A00215BBCF05AFA4DC85EFEBBB8EF05310F00421AF9A1A72A1CB745904DF64
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 00933CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00933CCA
                                                                                                • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00932043
                                                                                                • GetDlgCtrlID.USER32 ref: 0093204E
                                                                                                • GetParent.USER32 ref: 0093206A
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 0093206D
                                                                                                • GetDlgCtrlID.USER32(?), ref: 00932076
                                                                                                • GetParent.USER32(?), ref: 0093208A
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 0093208D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 711023334-1403004172
                                                                                                • Opcode ID: 42ceec550007fd954586a2efa3a8769d4b621e88485bdadfeac563e3731d6a50
                                                                                                • Instruction ID: 2eaa23cd6d50c4970372834b174d9176bf4ca227da81e22f47ebeeb7e68875a3
                                                                                                • Opcode Fuzzy Hash: 42ceec550007fd954586a2efa3a8769d4b621e88485bdadfeac563e3731d6a50
                                                                                                • Instruction Fuzzy Hash: 2721F6B1A00214BBCF15AFA4DC45EFEBBB8FF05300F004416F991A72A1CA754918DF60
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00963A9D
                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00963AA0
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00963AC7
                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00963AEA
                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00963B62
                                                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00963BAC
                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00963BC7
                                                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00963BE2
                                                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00963BF6
                                                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00963C13
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 312131281-0
                                                                                                • Opcode ID: 24f335e2d2eb7e79d9e7323aa310e8e450e6e7846d699d565943dbabc0e5eb6d
                                                                                                • Instruction ID: 73297783a0a3e9776243c3416a7567dea6064644f832014eb1bafc858881ff42
                                                                                                • Opcode Fuzzy Hash: 24f335e2d2eb7e79d9e7323aa310e8e450e6e7846d699d565943dbabc0e5eb6d
                                                                                                • Instruction Fuzzy Hash: 79616675A00208AFDB10DFA8CC81EEE77B8EF49704F10419AFA55A72A1D774AA85DB50
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0093B151
                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0093A1E1,?,00000001), ref: 0093B165
                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 0093B16C
                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0093A1E1,?,00000001), ref: 0093B17B
                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 0093B18D
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0093A1E1,?,00000001), ref: 0093B1A6
                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0093A1E1,?,00000001), ref: 0093B1B8
                                                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0093A1E1,?,00000001), ref: 0093B1FD
                                                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0093A1E1,?,00000001), ref: 0093B212
                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0093A1E1,?,00000001), ref: 0093B21D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                • String ID:
                                                                                                • API String ID: 2156557900-0
                                                                                                • Opcode ID: 38f2d28752c3a31901144dc1c71d405f3dfced965553166499063fc9918be05a
                                                                                                • Instruction ID: e8b0d39466c3b393ee4e32f1b67f659d5813d0172d3668248ec4af2518531ecf
                                                                                                • Opcode Fuzzy Hash: 38f2d28752c3a31901144dc1c71d405f3dfced965553166499063fc9918be05a
                                                                                                • Instruction Fuzzy Hash: E0319CB5528214BFDF109F64DC89B7EBBADBF62311F108109FA12D6190D7B49A409FA4
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 00902C94
                                                                                                  • Part of subcall function 009029C8: HeapFree.KERNEL32(00000000,00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000), ref: 009029DE
                                                                                                  • Part of subcall function 009029C8: GetLastError.KERNEL32(00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000,00000000), ref: 009029F0
                                                                                                • _free.LIBCMT ref: 00902CA0
                                                                                                • _free.LIBCMT ref: 00902CAB
                                                                                                • _free.LIBCMT ref: 00902CB6
                                                                                                • _free.LIBCMT ref: 00902CC1
                                                                                                • _free.LIBCMT ref: 00902CCC
                                                                                                • _free.LIBCMT ref: 00902CD7
                                                                                                • _free.LIBCMT ref: 00902CE2
                                                                                                • _free.LIBCMT ref: 00902CED
                                                                                                • _free.LIBCMT ref: 00902CFB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: ba4e4a4d9b542d2914e4c968ddb028d2d11669ff0e70ef16ce9cdec100793f75
                                                                                                • Instruction ID: 29399c34aaf14a7c5250b785b9b59074ae5263568f3ebbf91d9801d07da81110
                                                                                                • Opcode Fuzzy Hash: ba4e4a4d9b542d2914e4c968ddb028d2d11669ff0e70ef16ce9cdec100793f75
                                                                                                • Instruction Fuzzy Hash: 9711C876100108BFCB02EF54DA86EDD3BA9FF45350F6144A5FA589F2B2DA31EE509B90
                                                                                                APIs
                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00947FAD
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00947FC1
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00947FEB
                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00948005
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00948017
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00948060
                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009480B0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                • String ID: *.*
                                                                                                • API String ID: 769691225-438819550
                                                                                                • Opcode ID: d900a618d13991026a0ddce43853adc9fe1841bb048634418a0c92179887bad3
                                                                                                • Instruction ID: f9a1ac1126b6f5bf728c1744629aead66141cd6d58d7d97e0259c38d470e029c
                                                                                                • Opcode Fuzzy Hash: d900a618d13991026a0ddce43853adc9fe1841bb048634418a0c92179887bad3
                                                                                                • Instruction Fuzzy Hash: 0D818E715182499BCB24EF54C844EAFB3E8FB88310F144E5EF885D7260EB75DD498B52
                                                                                                APIs
                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 008D5C7A
                                                                                                  • Part of subcall function 008D5D0A: GetClientRect.USER32(?,?), ref: 008D5D30
                                                                                                  • Part of subcall function 008D5D0A: GetWindowRect.USER32(?,?), ref: 008D5D71
                                                                                                  • Part of subcall function 008D5D0A: ScreenToClient.USER32(?,?), ref: 008D5D99
                                                                                                • GetDC.USER32 ref: 009146F5
                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00914708
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00914716
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0091472B
                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00914733
                                                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 009147C4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                • String ID: U
                                                                                                • API String ID: 4009187628-3372436214
                                                                                                • Opcode ID: 3151a981fcd0dfe6db850e362c70833f89cdf7b38dd219dfa1f16fea43e6f317
                                                                                                • Instruction ID: 1e0eddb608967a5791a98318ca76c64e4a380d384ace301855a049a8df6703db
                                                                                                • Opcode Fuzzy Hash: 3151a981fcd0dfe6db850e362c70833f89cdf7b38dd219dfa1f16fea43e6f317
                                                                                                • Instruction Fuzzy Hash: 9171F130604209DFCF218F64C984AFA3BB9FF4A365F14426AFD559A2A6C7319C81DF50
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009435E4
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • LoadStringW.USER32(009A2390,?,00000FFF,?), ref: 0094360A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LoadString$_wcslen
                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                • API String ID: 4099089115-2391861430
                                                                                                • Opcode ID: 95cc33c85ee4a3b5160a0695c474e6902fc489a4619a83d5317bf002139289aa
                                                                                                • Instruction ID: 7c09117c89411b8e1ab4430de572286e4512f873ecbcac31324a721f9923b316
                                                                                                • Opcode Fuzzy Hash: 95cc33c85ee4a3b5160a0695c474e6902fc489a4619a83d5317bf002139289aa
                                                                                                • Instruction Fuzzy Hash: 72516271900109BADF14EBA4DC42EEEBB78FF44354F144226F105B22A1EB711B95DFA2
                                                                                                APIs
                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0094C272
                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0094C29A
                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0094C2CA
                                                                                                • GetLastError.KERNEL32 ref: 0094C322
                                                                                                • SetEvent.KERNEL32(?), ref: 0094C336
                                                                                                • InternetCloseHandle.WININET(00000000), ref: 0094C341
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                • String ID:
                                                                                                • API String ID: 3113390036-3916222277
                                                                                                • Opcode ID: 2d61d45a654860d78d4cec8d1a8d0b02b304013feba6c49ff79d76a81d7d977e
                                                                                                • Instruction ID: 08989494f8f34d949fe28eeec4b5bb8fd30291b09be6619f12812625294764b9
                                                                                                • Opcode Fuzzy Hash: 2d61d45a654860d78d4cec8d1a8d0b02b304013feba6c49ff79d76a81d7d977e
                                                                                                • Instruction Fuzzy Hash: 6F317CF1605208AFD7619FA48C88EBB7BFCEB49744B14851EF486D2210DB74DD049B61
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00913AAF,?,?,Bad directive syntax error,0096CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 009398BC
                                                                                                • LoadStringW.USER32(00000000,?,00913AAF,?), ref: 009398C3
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00939987
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                • API String ID: 858772685-4153970271
                                                                                                • Opcode ID: 994d745402ae1dfbbba293cc3ee9963594232917d72376ee63dc771bdfd35b4e
                                                                                                • Instruction ID: 5cbf3c7a2c7b8f343382a7832109858076d30b5fbef4e7ad452feb3e0458bffc
                                                                                                • Opcode Fuzzy Hash: 994d745402ae1dfbbba293cc3ee9963594232917d72376ee63dc771bdfd35b4e
                                                                                                • Instruction Fuzzy Hash: 9521A03190420EABDF15AF94CC06FEE7739FF18304F04442AF515A21A2EB719A28DB12
                                                                                                APIs
                                                                                                • GetParent.USER32 ref: 009320AB
                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 009320C0
                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0093214D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                • API String ID: 1290815626-3381328864
                                                                                                • Opcode ID: 33d401f6a0a3900ffcc7cb141dbfc1b2102ad13543896cfcf90fa53841298a15
                                                                                                • Instruction ID: 7d6de2527fcadcfb2ba4d497394e006a43162e43b8da321ed4def4824bfa4f53
                                                                                                • Opcode Fuzzy Hash: 33d401f6a0a3900ffcc7cb141dbfc1b2102ad13543896cfcf90fa53841298a15
                                                                                                • Instruction Fuzzy Hash: EC11067668C70BB9FA022378DC06DB7379CDB05328F21015AFB04E50E1EAB5A8025A28
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1ef27eb0ca74d914aad7b918dcded5596154b3aca062b3126f89aefc483258a4
                                                                                                • Instruction ID: 076f8ce134e2d1408a379e5a8ffc999d570809b53c01aea702c5e4c34d1ce855
                                                                                                • Opcode Fuzzy Hash: 1ef27eb0ca74d914aad7b918dcded5596154b3aca062b3126f89aefc483258a4
                                                                                                • Instruction Fuzzy Hash: 6DC1F2B4A04249AFDF11DFA8C841BAEBBB8BF4A310F144199FA54A73D3C7749941CB61
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                • String ID:
                                                                                                • API String ID: 1282221369-0
                                                                                                • Opcode ID: a4a28d249eb9f4391a83c9ffd25953590065ac7e4548005601830b259d6a3ac7
                                                                                                • Instruction ID: 2ff6ac5db1d9f8dde9e65f23a41108d69506d79c4f4a188204121a6a7554dbb5
                                                                                                • Opcode Fuzzy Hash: a4a28d249eb9f4391a83c9ffd25953590065ac7e4548005601830b259d6a3ac7
                                                                                                • Instruction Fuzzy Hash: D9615AF2904302AFDB21AFB4D885B6D7BADEF45310F14426DFA44A72C2D6319D019791
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00965186
                                                                                                • ShowWindow.USER32(?,00000000), ref: 009651C7
                                                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 009651CD
                                                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 009651D1
                                                                                                  • Part of subcall function 00966FBA: DeleteObject.GDI32(00000000), ref: 00966FE6
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0096520D
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0096521A
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0096524D
                                                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00965287
                                                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00965296
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                • String ID:
                                                                                                • API String ID: 3210457359-0
                                                                                                • Opcode ID: 5b35714dd0fef3a7f9237509e874b2ee29ebbfb5b277ff6aa48bd615c42c30d1
                                                                                                • Instruction ID: edc81eab845d4e9e8681cf95b50d0580a4769998c69a90db384c2ec0e0b371f1
                                                                                                • Opcode Fuzzy Hash: 5b35714dd0fef3a7f9237509e874b2ee29ebbfb5b277ff6aa48bd615c42c30d1
                                                                                                • Instruction Fuzzy Hash: 1B51E5B0A58A09BFEF309F24CC55BD93B69FF06320F164012F625962E0C3B5E990EB51
                                                                                                APIs
                                                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00926890
                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 009268A9
                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 009268B9
                                                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 009268D1
                                                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 009268F2
                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008E8874,00000000,00000000,00000000,000000FF,00000000), ref: 00926901
                                                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0092691E
                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008E8874,00000000,00000000,00000000,000000FF,00000000), ref: 0092692D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 1268354404-0
                                                                                                • Opcode ID: d34c7641787861ccdeeaa02195724fd125e1a18bf53a4781f2d95253fd9f8b90
                                                                                                • Instruction ID: 9b853a2db93a31cf041582b706052677e7675214bb2baa84591c00327d502cf9
                                                                                                • Opcode Fuzzy Hash: d34c7641787861ccdeeaa02195724fd125e1a18bf53a4781f2d95253fd9f8b90
                                                                                                • Instruction Fuzzy Hash: 575199B4610209EFDB20CF25DC55BAA7BB9FF89360F104518F956D72A0DBB0E990EB40
                                                                                                APIs
                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0094C182
                                                                                                • GetLastError.KERNEL32 ref: 0094C195
                                                                                                • SetEvent.KERNEL32(?), ref: 0094C1A9
                                                                                                  • Part of subcall function 0094C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0094C272
                                                                                                  • Part of subcall function 0094C253: GetLastError.KERNEL32 ref: 0094C322
                                                                                                  • Part of subcall function 0094C253: SetEvent.KERNEL32(?), ref: 0094C336
                                                                                                  • Part of subcall function 0094C253: InternetCloseHandle.WININET(00000000), ref: 0094C341
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                • String ID:
                                                                                                • API String ID: 337547030-0
                                                                                                • Opcode ID: dffac8b7f447351c1f947783efccf40fd450853037b3b19e05b923bcdce3ae6a
                                                                                                • Instruction ID: ff0b359c176f65b22887f9a224a00bb11cbe08ef73bbf86651fefff5cef2f157
                                                                                                • Opcode Fuzzy Hash: dffac8b7f447351c1f947783efccf40fd450853037b3b19e05b923bcdce3ae6a
                                                                                                • Instruction Fuzzy Hash: BB31AEB1206641BFDB619FB5DC04E76BBFCFF58300B00442DF9AA82620D7B1E814AB60
                                                                                                APIs
                                                                                                  • Part of subcall function 00933A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00933A57
                                                                                                  • Part of subcall function 00933A3D: GetCurrentThreadId.KERNEL32 ref: 00933A5E
                                                                                                  • Part of subcall function 00933A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009325B3), ref: 00933A65
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 009325BD
                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 009325DB
                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 009325DF
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 009325E9
                                                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00932601
                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00932605
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 0093260F
                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00932623
                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00932627
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2014098862-0
                                                                                                • Opcode ID: e898ad12ffac83e8a3f67e813b502625b0dde11ce769e3c4aa115cd688fecbf5
                                                                                                • Instruction ID: 40a793d2da9702ed15077885a5797bedb5d2dbc11a6ed26fd53194f47896c29c
                                                                                                • Opcode Fuzzy Hash: e898ad12ffac83e8a3f67e813b502625b0dde11ce769e3c4aa115cd688fecbf5
                                                                                                • Instruction Fuzzy Hash: 4A01D4703A8210BBFB107768DC8AF693F59DF8EB12F110006F358AE0E1C9E224449E69
                                                                                                APIs
                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00931449,?,?,00000000), ref: 0093180C
                                                                                                • HeapAlloc.KERNEL32(00000000,?,00931449,?,?,00000000), ref: 00931813
                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00931449,?,?,00000000), ref: 00931828
                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00931449,?,?,00000000), ref: 00931830
                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00931449,?,?,00000000), ref: 00931833
                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00931449,?,?,00000000), ref: 00931843
                                                                                                • GetCurrentProcess.KERNEL32(00931449,00000000,?,00931449,?,?,00000000), ref: 0093184B
                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00931449,?,?,00000000), ref: 0093184E
                                                                                                • CreateThread.KERNEL32(00000000,00000000,00931874,00000000,00000000,00000000), ref: 00931868
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                • String ID:
                                                                                                • API String ID: 1957940570-0
                                                                                                • Opcode ID: d06e54154b30de16c6c87c7f71da31c77c260e95495de90645ee1de8176cde34
                                                                                                • Instruction ID: 254d15590a2b71f8c82530bacbe1b9f09dca573783549202577b1d5ec6e3dfb0
                                                                                                • Opcode Fuzzy Hash: d06e54154b30de16c6c87c7f71da31c77c260e95495de90645ee1de8176cde34
                                                                                                • Instruction Fuzzy Hash: D401BBB5254348BFE710ABA5DD4DF6B3BACEB8AB11F014415FA45DB2A1CAB19800DB30
                                                                                                APIs
                                                                                                  • Part of subcall function 0093D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0093D501
                                                                                                  • Part of subcall function 0093D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0093D50F
                                                                                                  • Part of subcall function 0093D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 0093D5DC
                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0095A16D
                                                                                                • GetLastError.KERNEL32 ref: 0095A180
                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0095A1B3
                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0095A268
                                                                                                • GetLastError.KERNEL32(00000000), ref: 0095A273
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0095A2C4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                                                • String ID: SeDebugPrivilege
                                                                                                • API String ID: 1701285019-2896544425
                                                                                                • Opcode ID: c0ff311329427de969caf620a8e24f5e44969bc6796ac396c6e4c6bb53d6cc9c
                                                                                                • Instruction ID: a5cc94904f5052421be1f53cd2785345ed8ccc3c77d00c7757740e758f64f353
                                                                                                • Opcode Fuzzy Hash: c0ff311329427de969caf620a8e24f5e44969bc6796ac396c6e4c6bb53d6cc9c
                                                                                                • Instruction Fuzzy Hash: 3661AE702082429FD710DF1AC495F25BBE5AF44319F14858CE8668B7A3C7B6EC49CB96
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00963925
                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0096393A
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00963954
                                                                                                • _wcslen.LIBCMT ref: 00963999
                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 009639C6
                                                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 009639F4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window_wcslen
                                                                                                • String ID: SysListView32
                                                                                                • API String ID: 2147712094-78025650
                                                                                                • Opcode ID: 87877a43b21405931ec6c60aa60632c02315eae4c6e90fa14db16557c9aa88e6
                                                                                                • Instruction ID: c81549379765af534aac3a861f0ad663e462bfce14fd8796d0808abc7ff01f28
                                                                                                • Opcode Fuzzy Hash: 87877a43b21405931ec6c60aa60632c02315eae4c6e90fa14db16557c9aa88e6
                                                                                                • Instruction Fuzzy Hash: 7E41B571A00319ABEF219F64CC45FEA7BA9FF48354F10452AF958E7281D7B59D80CB90
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0093BCFD
                                                                                                • IsMenu.USER32(00000000), ref: 0093BD1D
                                                                                                • CreatePopupMenu.USER32 ref: 0093BD53
                                                                                                • GetMenuItemCount.USER32(00D16768), ref: 0093BDA4
                                                                                                • InsertMenuItemW.USER32(00D16768,?,00000001,00000030), ref: 0093BDCC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                • String ID: 0$2
                                                                                                • API String ID: 93392585-3793063076
                                                                                                • Opcode ID: 71082fd0efd88d50c01f2025991dc6b7db58ba7f040b0b7ea41ec99e9fac1c8e
                                                                                                • Instruction ID: 856f6d4ea7a6e997d8a0a841208061809af67d554050a1dd476f25ddd00dbbbb
                                                                                                • Opcode Fuzzy Hash: 71082fd0efd88d50c01f2025991dc6b7db58ba7f040b0b7ea41ec99e9fac1c8e
                                                                                                • Instruction Fuzzy Hash: 72519DB0A042099BDB20DFA8D884BAEBBF8FF85314F144559F662EB2D1D7709941CF61
                                                                                                APIs
                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 0093C913
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: IconLoad
                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                • API String ID: 2457776203-404129466
                                                                                                • Opcode ID: dc36ae235509e95e1fa4cd4b13ced275daacb1e065e6d2c8a666301b0d6eed8e
                                                                                                • Instruction ID: a1ca0ccab7495fa2f19bed481d924e9d8a615636e6ea3fed999c1af5337881ac
                                                                                                • Opcode Fuzzy Hash: dc36ae235509e95e1fa4cd4b13ced275daacb1e065e6d2c8a666301b0d6eed8e
                                                                                                • Instruction Fuzzy Hash: 43113D72689B0ABAEB009B689C83DBB779CDF15318F11006FF500F6282D7B46F005B65
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                • String ID: 0.0.0.0
                                                                                                • API String ID: 642191829-3771769585
                                                                                                • Opcode ID: 3f8537817fb9256fd572843aa64ca08309388f9bfbb70e6e69de02db5541aa8d
                                                                                                • Instruction ID: ba19ad5d38e33c346156726be683df790aacfb976cf018e0b49530ec90f7ad59
                                                                                                • Opcode Fuzzy Hash: 3f8537817fb9256fd572843aa64ca08309388f9bfbb70e6e69de02db5541aa8d
                                                                                                • Instruction Fuzzy Hash: 7A110A71904119AFCB306B34AC0AEFF7B6CEF51710F04016EF545D6091EFB59A819E51
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008E9BB2
                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00969FC7
                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00969FE7
                                                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0096A224
                                                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0096A242
                                                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0096A263
                                                                                                • ShowWindow.USER32(00000003,00000000), ref: 0096A282
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0096A2A7
                                                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 0096A2CA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                • String ID:
                                                                                                • API String ID: 1211466189-0
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _wcslen$LocalTime
                                                                                                • String ID:
                                                                                                • API String ID: 952045576-0
                                                                                                APIs
                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0092682C,00000004,00000000,00000000), ref: 008EF953
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0092682C,00000004,00000000,00000000), ref: 0092F3D1
                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0092682C,00000004,00000000,00000000), ref: 0092F454
                                                                                                Similarity
                                                                                                • API ID: ShowWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1268545403-0
                                                                                                APIs
                                                                                                • DeleteObject.GDI32(00000000), ref: 00962D1B
                                                                                                • GetDC.USER32(00000000), ref: 00962D23
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00962D2E
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00962D3A
                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00962D76
                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00962D87
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00965A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00962DC2
                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00962DE1
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3864802216-0
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 2931989736-0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                • API String ID: 0-572801152
                                                                                                APIs
                                                                                                • GetCPInfo.KERNEL32(?,?), ref: 009115CE
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00911651
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 009116E4
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 009116FB
                                                                                                  • Part of subcall function 00903820: RtlAllocateHeap.NTDLL(00000000,?,009A1444,?,008EFDF5,?,?,008DA976,00000010,009A1440,008D13FC,?,008D13C6,?,008D1129), ref: 00903852
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00911777
                                                                                                • __freea.LIBCMT ref: 009117A2
                                                                                                • __freea.LIBCMT ref: 009117AE
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                • String ID:
                                                                                                • API String ID: 2829977744-0
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit
                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                • API String ID: 2610073882-625585964
                                                                                                APIs
                                                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0094125C
                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00941284
                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009412A8
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009412D8
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0094135F
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009413C4
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00941430
                                                                                                Similarity
                                                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                • String ID:
                                                                                                • API String ID: 2550207440-0
                                                                                                Similarity
                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                • String ID:
                                                                                                • API String ID: 3225163088-0
                                                                                                • Opcode ID: 2b251087f182ef6fce607a53b833a01546473fc21004343fae5c1b0ffa3c1a37
                                                                                                • Instruction ID: 0cd96ce35b47d400393577bbd0fa31bc661e01f786b1dda512072819b6fae2a5
                                                                                                • Opcode Fuzzy Hash: 2b251087f182ef6fce607a53b833a01546473fc21004343fae5c1b0ffa3c1a37
                                                                                                • Instruction Fuzzy Hash: A4911471D04219EFCB10CFAACC84AEEBBB8FF49320F148559E555B7251D7B8AA41CB60
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 0095396B
                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00953A7A
                                                                                                • _wcslen.LIBCMT ref: 00953A8A
                                                                                                • VariantClear.OLEAUT32(?), ref: 00953C1F
                                                                                                  • Part of subcall function 00940CDF: VariantInit.OLEAUT32(00000000), ref: 00940D1F
                                                                                                  • Part of subcall function 00940CDF: VariantCopy.OLEAUT32(?,?), ref: 00940D28
                                                                                                  • Part of subcall function 00940CDF: VariantClear.OLEAUT32(?), ref: 00940D34
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                • API String ID: 4137639002-1221869570
                                                                                                • Opcode ID: 0f3942a5dd714f7aaba4b6b3c219fddaf3fe4dd0e34758d7efd034489a9c9fe5
                                                                                                • Instruction ID: cde3529f52d68a87d852cc1f3c33164ab9338171dd9e8dd4d0002bf6912c9e87
                                                                                                • Opcode Fuzzy Hash: 0f3942a5dd714f7aaba4b6b3c219fddaf3fe4dd0e34758d7efd034489a9c9fe5
                                                                                                • Instruction Fuzzy Hash: 069179746083059FCB04DF29C48096AB7E8FF89355F14892EF8899B351DB31EE49CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 0093000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?,?,?,0093035E), ref: 0093002B
                                                                                                  • Part of subcall function 0093000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?,?), ref: 00930046
                                                                                                  • Part of subcall function 0093000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?,?), ref: 00930054
                                                                                                  • Part of subcall function 0093000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?), ref: 00930064
                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00954C51
                                                                                                • _wcslen.LIBCMT ref: 00954D59
                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00954DCF
                                                                                                • CoTaskMemFree.OLE32(?), ref: 00954DDA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                • String ID: NULL Pointer assignment
                                                                                                • API String ID: 614568839-2785691316
                                                                                                • Opcode ID: 0791b6c4e9f720cf926eeeb2513887b9ca89ae4c51ec8796b5a0d982c2b42425
                                                                                                • Instruction ID: f1138fa56fa0ef61336d6d69f668c995ab1ef5bb99c0af2dd7440336ebcefc16
                                                                                                • Opcode Fuzzy Hash: 0791b6c4e9f720cf926eeeb2513887b9ca89ae4c51ec8796b5a0d982c2b42425
                                                                                                • Instruction Fuzzy Hash: 46914871D0021DAFDF14DFA5D891AEEB7B8FF48314F10426AE915A7291DB309A48CFA1
                                                                                                APIs
                                                                                                • GetMenu.USER32(?), ref: 00962183
                                                                                                • GetMenuItemCount.USER32(00000000), ref: 009621B5
                                                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009621DD
                                                                                                • _wcslen.LIBCMT ref: 00962213
                                                                                                • GetMenuItemID.USER32(?,?), ref: 0096224D
                                                                                                • GetSubMenu.USER32(?,?), ref: 0096225B
                                                                                                  • Part of subcall function 00933A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00933A57
                                                                                                  • Part of subcall function 00933A3D: GetCurrentThreadId.KERNEL32 ref: 00933A5E
                                                                                                  • Part of subcall function 00933A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009325B3), ref: 00933A65
                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009622E3
                                                                                                  • Part of subcall function 0093E97B: Sleep.KERNEL32 ref: 0093E9F3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 4196846111-0
                                                                                                • Opcode ID: 51cb88b7b981270cfc2291e4b8884e0d4c49a4974b72347b0ecec56b60b08305
                                                                                                • Instruction ID: 05e4357e341201ee649b798d849c8b19489da10eb0ca2bb3ddfee9c8f26c5c40
                                                                                                • Opcode Fuzzy Hash: 51cb88b7b981270cfc2291e4b8884e0d4c49a4974b72347b0ecec56b60b08305
                                                                                                • Instruction Fuzzy Hash: 3471AD75E04605AFCB04DF68C881AAEB7F5FF89310F108459E826EB341DB74EE418B90
                                                                                                APIs
                                                                                                • IsWindow.USER32(00D16790), ref: 00967F37
                                                                                                • IsWindowEnabled.USER32(00D16790), ref: 00967F43
                                                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0096801E
                                                                                                • SendMessageW.USER32(00D16790,000000B0,?,?), ref: 00968051
                                                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00968089
                                                                                                • GetWindowLongW.USER32(00D16790,000000EC), ref: 009680AB
                                                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009680C3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                • String ID:
                                                                                                • API String ID: 4072528602-0
                                                                                                • Opcode ID: 22a1e8662d07998d27321ece01e256c64933e892afb629b2989b8689730e76af
                                                                                                • Instruction ID: 94a1056ba478e28e27c957d3500d7f120a204e2c47a646742226e9523fbed21d
                                                                                                • Opcode Fuzzy Hash: 22a1e8662d07998d27321ece01e256c64933e892afb629b2989b8689730e76af
                                                                                                • Instruction Fuzzy Hash: FB71BD74608204AFEB219FA4CC84FFBBBB9EF4A304F144959F98597261CB71A844DB20
                                                                                                APIs
                                                                                                • GetParent.USER32(?), ref: 0093AEF9
                                                                                                • GetKeyboardState.USER32(?), ref: 0093AF0E
                                                                                                • SetKeyboardState.USER32(?), ref: 0093AF6F
                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 0093AF9D
                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 0093AFBC
                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 0093AFFD
                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0093B020
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                • String ID:
                                                                                                • API String ID: 87235514-0
                                                                                                • Opcode ID: 1e93d5df25b9ba4bcbf76470a007095258b817367d1cbb947012298c37ce3aa8
                                                                                                • Instruction ID: 97948b1c47197ce173f8eff726821d3bfbc3cf917cacd39ebf3ea16f0a936ba8
                                                                                                • Opcode Fuzzy Hash: 1e93d5df25b9ba4bcbf76470a007095258b817367d1cbb947012298c37ce3aa8
                                                                                                • Instruction Fuzzy Hash: 8251B1A06187D53DFB364234CC45BBBBEAD5B06304F088589F2E9598D2C3D9ACC8DB51
                                                                                                APIs
                                                                                                • GetParent.USER32(00000000), ref: 0093AD19
                                                                                                • GetKeyboardState.USER32(?), ref: 0093AD2E
                                                                                                • SetKeyboardState.USER32(?), ref: 0093AD8F
                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0093ADBB
                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0093ADD8
                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0093AE17
                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0093AE38
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                • String ID:
                                                                                                • API String ID: 87235514-0
                                                                                                • Opcode ID: 39c03f0ffce8afb3d2a416b3c890dc37156cc2252f878f8f647daec61047341b
                                                                                                • Instruction ID: d63fa6c5c6d7771ab0e3bf533d0d48c0aa0b03f706bd09efba50a65b10e3f3a5
                                                                                                • Opcode Fuzzy Hash: 39c03f0ffce8afb3d2a416b3c890dc37156cc2252f878f8f647daec61047341b
                                                                                                • Instruction Fuzzy Hash: FD51E5A16087D53DFB378334CC55B7ABEAD5B46304F088588E1E55A8C2D394EC88EB62
                                                                                                APIs
                                                                                                • GetConsoleCP.KERNEL32(00913CD6,?,?,?,?,?,?,?,?,00905BA3,?,?,00913CD6,?,?), ref: 00905470
                                                                                                • __fassign.LIBCMT ref: 009054EB
                                                                                                • __fassign.LIBCMT ref: 00905506
                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00913CD6,00000005,00000000,00000000), ref: 0090552C
                                                                                                • WriteFile.KERNEL32(?,00913CD6,00000000,00905BA3,00000000,?,?,?,?,?,?,?,?,?,00905BA3,?), ref: 0090554B
                                                                                                • WriteFile.KERNEL32(?,?,00000001,00905BA3,00000000,?,?,?,?,?,?,?,?,?,00905BA3,?), ref: 00905584
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                • String ID:
                                                                                                • API String ID: 1324828854-0
                                                                                                • Opcode ID: d9d77899ccf9dd690f6fe576a0d11e2603e4236c0afbb47483094842a501986f
                                                                                                • Instruction ID: fc4d7e12131f437e16f13b2d9dd2686e1b071997ce2e935ef673ef820af61206
                                                                                                • Opcode Fuzzy Hash: d9d77899ccf9dd690f6fe576a0d11e2603e4236c0afbb47483094842a501986f
                                                                                                • Instruction Fuzzy Hash: 9951D1B0A04649AFDB10CFA8DC85AEEBBF9EF09300F15451AF955E7291E7309A41CF60
                                                                                                APIs
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 008F2D4B
                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 008F2D53
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 008F2DE1
                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 008F2E0C
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 008F2E61
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                • String ID: csm
                                                                                                • API String ID: 1170836740-1018135373
                                                                                                APIs
                                                                                                  • Part of subcall function 0095304E: inet_addr.WSOCK32(?), ref: 0095307A
                                                                                                  • Part of subcall function 0095304E: _wcslen.LIBCMT ref: 0095309B
                                                                                                • socket.WSOCK32(00000002,00000001,00000006), ref: 00951112
                                                                                                • WSAGetLastError.WSOCK32 ref: 00951121
                                                                                                • WSAGetLastError.WSOCK32 ref: 009511C9
                                                                                                • closesocket.WSOCK32(00000000), ref: 009511F9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                • String ID:
                                                                                                • API String ID: 2675159561-0
                                                                                                APIs
                                                                                                  • Part of subcall function 0093DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0093CF22,?), ref: 0093DDFD
                                                                                                  • Part of subcall function 0093DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0093CF22,?), ref: 0093DE16
                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0093CF45
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0093CF7F
                                                                                                • _wcslen.LIBCMT ref: 0093D005
                                                                                                • _wcslen.LIBCMT ref: 0093D01B
                                                                                                • SHFileOperationW.SHELL32(?), ref: 0093D061
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 3164238972-1173974218
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00962E1C
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00962E4F
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00962E84
                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00962EB6
                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00962EE0
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00962EF1
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00962F0B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: LongWindow$MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 2178440468-0
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00937769
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0093778F
                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00937792
                                                                                                • SysAllocString.OLEAUT32(?), ref: 009377B0
                                                                                                • SysFreeString.OLEAUT32(?), ref: 009377B9
                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 009377DE
                                                                                                • SysAllocString.OLEAUT32(?), ref: 009377EC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                • String ID:
                                                                                                • API String ID: 3761583154-0
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00937842
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00937868
                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 0093786B
                                                                                                • SysAllocString.OLEAUT32 ref: 0093788C
                                                                                                • SysFreeString.OLEAUT32 ref: 00937895
                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 009378AF
                                                                                                • SysAllocString.OLEAUT32(?), ref: 009378BD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                • String ID:
                                                                                                • API String ID: 3761583154-0
                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 009404F2
                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0094052E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CreateHandlePipe
                                                                                                • String ID: nul
                                                                                                • API String ID: 1424370930-2873401336
                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 009405C6
                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00940601
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CreateHandlePipe
                                                                                                • String ID: nul
                                                                                                • API String ID: 1424370930-2873401336
                                                                                                APIs
                                                                                                  • Part of subcall function 008D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008D604C
                                                                                                  • Part of subcall function 008D600E: GetStockObject.GDI32(00000011), ref: 008D6060
                                                                                                  • Part of subcall function 008D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 008D606A
                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00964112
                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0096411F
                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0096412A
                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00964139
                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00964145
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                                • String ID: Msctls_Progress32
                                                                                                • API String ID: 1025951953-3636473452
                                                                                                • Opcode ID: 4257ef9e4889ca818671299dd28325431c8f6c48d440c78beb5eca8f5789556f
                                                                                                • Instruction ID: 87f0e1ca834d3270faf2fa6f42553084d0c608e57b04c7bd44f94dea9df03426
                                                                                                • Opcode Fuzzy Hash: 4257ef9e4889ca818671299dd28325431c8f6c48d440c78beb5eca8f5789556f
                                                                                                • Instruction Fuzzy Hash: E211E2B215021EBEEF108FA4CC85EE77F5DEF09398F014111FB18A2050CA729C61DBA4
                                                                                                APIs
                                                                                                  • Part of subcall function 0090D7A3: _free.LIBCMT ref: 0090D7CC
                                                                                                • _free.LIBCMT ref: 0090D82D
                                                                                                  • Part of subcall function 009029C8: HeapFree.KERNEL32(00000000,00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000), ref: 009029DE
                                                                                                  • Part of subcall function 009029C8: GetLastError.KERNEL32(00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000,00000000), ref: 009029F0
                                                                                                • _free.LIBCMT ref: 0090D838
                                                                                                • _free.LIBCMT ref: 0090D843
                                                                                                • _free.LIBCMT ref: 0090D897
                                                                                                • _free.LIBCMT ref: 0090D8A2
                                                                                                • _free.LIBCMT ref: 0090D8AD
                                                                                                • _free.LIBCMT ref: 0090D8B8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                • Instruction ID: 941ef975cc799ce7ccbfd833a29c54b560908868ce6888281adb2dad02d720ab
                                                                                                • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                • Instruction Fuzzy Hash: E8112EB1542B04AEE621BFF4CC4BFCB7BDCAFC4700F404825B2A9A64D2DA75B5058660
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0093DA74
                                                                                                • LoadStringW.USER32(00000000), ref: 0093DA7B
                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0093DA91
                                                                                                • LoadStringW.USER32(00000000), ref: 0093DA98
                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0093DADC
                                                                                                Strings
                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 0093DAB9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleLoadModuleString$Message
                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                • API String ID: 4072794657-3128320259
                                                                                                • Opcode ID: 49e624e338c805f718109d28758e57e804e5ad2ff606e35f92854dace1596614
                                                                                                • Instruction ID: 877db5707b285d397c65054a71fff2f6424e857b4dd779c2ae88038e1adb03ca
                                                                                                • Opcode Fuzzy Hash: 49e624e338c805f718109d28758e57e804e5ad2ff606e35f92854dace1596614
                                                                                                • Instruction Fuzzy Hash: 2D0162F65042087FEB109BA4DD89EFB736CE708341F400896F786E2041E6B49E845F74
                                                                                                APIs
                                                                                                • InterlockedExchange.KERNEL32(00D0E350,00D0E350), ref: 0094097B
                                                                                                • EnterCriticalSection.KERNEL32(00D0E330,00000000), ref: 0094098D
                                                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 0094099B
                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 009409A9
                                                                                                • CloseHandle.KERNEL32(?), ref: 009409B8
                                                                                                • InterlockedExchange.KERNEL32(00D0E350,000001F6), ref: 009409C8
                                                                                                • LeaveCriticalSection.KERNEL32(00D0E330), ref: 009409CF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                • String ID:
                                                                                                • API String ID: 3495660284-0
                                                                                                • Opcode ID: 84a45fdeb165d96283444959fee888f195b75059be8652ac6e3e9a21713577d9
                                                                                                • Instruction ID: 3fa1a38afb47a941d6674c0a1faa2b8195307e6b430e4f040d3e82a1a5614b0e
                                                                                                • Opcode Fuzzy Hash: 84a45fdeb165d96283444959fee888f195b75059be8652ac6e3e9a21713577d9
                                                                                                • Instruction Fuzzy Hash: 7CF03C7245AA02BBD7415FA4EE9CBE6BB39FF41702F402029F242908A0C7B59465DFA0
                                                                                                APIs
                                                                                                • GetClientRect.USER32(?,?), ref: 008D5D30
                                                                                                • GetWindowRect.USER32(?,?), ref: 008D5D71
                                                                                                • ScreenToClient.USER32(?,?), ref: 008D5D99
                                                                                                • GetClientRect.USER32(?,?), ref: 008D5ED7
                                                                                                • GetWindowRect.USER32(?,?), ref: 008D5EF8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Rect$Client$Window$Screen
                                                                                                • String ID:
                                                                                                • API String ID: 1296646539-0
                                                                                                • Opcode ID: f6876657f1972c92754743d42a752389dbae443f986898d41a8992fc29739abf
                                                                                                • Instruction ID: e110ed15ebdede94cd9fbc8550dfaf191d355de09b162299f7b0ff98daa93a9a
                                                                                                • Opcode Fuzzy Hash: f6876657f1972c92754743d42a752389dbae443f986898d41a8992fc29739abf
                                                                                                • Instruction Fuzzy Hash: 0FB17974A0068ADBDB10DFA8C4807EEB7F1FF58310F14851BE8AAD7250DB34AA91DB54
                                                                                                APIs
                                                                                                • __allrem.LIBCMT ref: 009000BA
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009000D6
                                                                                                • __allrem.LIBCMT ref: 009000ED
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0090010B
                                                                                                • __allrem.LIBCMT ref: 00900122
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00900140
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                • String ID:
                                                                                                • API String ID: 1992179935-0
                                                                                                • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                • Instruction ID: 04eac179e548d0bd479c690399b57786c28a45a30fd1e5e06a81a0003610ad85
                                                                                                • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                • Instruction Fuzzy Hash: 8D81C872A00B0A9FE7249F78CC41B6A73E9EFC5764F24453AF651D66C1EB70D9408790
                                                                                                APIs
                                                                                                  • Part of subcall function 00953149: select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00953195
                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?), ref: 00951DC0
                                                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00951DE1
                                                                                                • WSAGetLastError.WSOCK32 ref: 00951DF2
                                                                                                • inet_ntoa.WSOCK32(?), ref: 00951E8C
                                                                                                • htons.WSOCK32(?), ref: 00951EDB
                                                                                                • _strlen.LIBCMT ref: 00951F35
                                                                                                  • Part of subcall function 009339E8: _strlen.LIBCMT ref: 009339F2
                                                                                                  • Part of subcall function 008D6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,008ECF58,?,?,?), ref: 008D6DBA
                                                                                                  • Part of subcall function 008D6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,008ECF58,?,?,?), ref: 008D6DED
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                • String ID:
                                                                                                • API String ID: 1923757996-0
                                                                                                • Opcode ID: 846680ba2712f548b3df98e28a532b26523158effa4507be0fe4b52b0e1fc7e3
                                                                                                • Instruction ID: e9799219f36600b90f91e7412225aae61df94ac0e0c5942e8fc3aff2ecb8f35a
                                                                                                • Opcode Fuzzy Hash: 846680ba2712f548b3df98e28a532b26523158effa4507be0fe4b52b0e1fc7e3
                                                                                                • Instruction Fuzzy Hash: C8A1C131204340AFC324DB25C885F2A77A9FF85318F548A4DF8569B2E2DB71ED49CB92
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008F82D9,008F82D9,?,?,?,0090644F,00000001,00000001,8BE85006), ref: 00906258
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0090644F,00000001,00000001,8BE85006,?,?,?), ref: 009062DE
                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 009063D8
                                                                                                • __freea.LIBCMT ref: 009063E5
                                                                                                  • Part of subcall function 00903820: RtlAllocateHeap.NTDLL(00000000,?,009A1444,?,008EFDF5,?,?,008DA976,00000010,009A1440,008D13FC,?,008D13C6,?,008D1129), ref: 00903852
                                                                                                • __freea.LIBCMT ref: 009063EE
                                                                                                • __freea.LIBCMT ref: 00906413
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1414292761-0
                                                                                                • Opcode ID: e5f7a5a464ac34215a82bade40eda22d4e02b4be0cf1f78127b1cb5ef6c25e9f
                                                                                                • Instruction ID: bdb4e16e258257f3ab1f26fb37356aed2d3bf7a8d12c6fa618464c1051899bc5
                                                                                                • Opcode Fuzzy Hash: e5f7a5a464ac34215a82bade40eda22d4e02b4be0cf1f78127b1cb5ef6c25e9f
                                                                                                • Instruction Fuzzy Hash: 2D519C72A00216AFEB259F64DC81EBF7AADEF84750F154629F805DA1D0EB34DC60D6A0
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 0095C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0095B6AE,?,?), ref: 0095C9B5
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095C9F1
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095CA68
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095CA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0095BCCA
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0095BD25
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0095BD6A
                                                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0095BD99
                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0095BDF3
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0095BDFF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                • String ID:
                                                                                                • API String ID: 1120388591-0
                                                                                                • Opcode ID: d86ed803dbea04b7a80187ab8a7ae142602991db4c9b8a7817847e2ea9b3f1fd
                                                                                                • Instruction ID: 484cd46e99e17935ee7a9a8998e26517184a8942d28da6e988d03d541f042550
                                                                                                • Opcode Fuzzy Hash: d86ed803dbea04b7a80187ab8a7ae142602991db4c9b8a7817847e2ea9b3f1fd
                                                                                                • Instruction Fuzzy Hash: E9819070208241AFC714DF25C891E2ABBF9FF84308F14895DF5958B2A2DB31ED49CB92
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(00000035), ref: 0092F7B9
                                                                                                • SysAllocString.OLEAUT32(00000001), ref: 0092F860
                                                                                                • VariantCopy.OLEAUT32(0092FA64,00000000), ref: 0092F889
                                                                                                • VariantClear.OLEAUT32(0092FA64), ref: 0092F8AD
                                                                                                • VariantCopy.OLEAUT32(0092FA64,00000000), ref: 0092F8B1
                                                                                                • VariantClear.OLEAUT32(?), ref: 0092F8BB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                                • String ID:
                                                                                                • API String ID: 3859894641-0
                                                                                                • Opcode ID: 878e5c2c9db0820265bc0d120cdd2c26d7475c516dd82997948ddde3220fa0e9
                                                                                                • Instruction ID: 7be0ae7e9b06ae0da997a7e6a6e9d224073db86cb05e1601cb8a4bcb45a70749
                                                                                                • Opcode Fuzzy Hash: 878e5c2c9db0820265bc0d120cdd2c26d7475c516dd82997948ddde3220fa0e9
                                                                                                • Instruction Fuzzy Hash: 5651C739610320BACF14AB65E8A5B39B3B8EF45310B24447BF906DF299DB748C80C757
                                                                                                APIs
                                                                                                  • Part of subcall function 008D7620: _wcslen.LIBCMT ref: 008D7625
                                                                                                  • Part of subcall function 008D6B57: _wcslen.LIBCMT ref: 008D6B6A
                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 009494E5
                                                                                                • _wcslen.LIBCMT ref: 00949506
                                                                                                • _wcslen.LIBCMT ref: 0094952D
                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00949585
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$FileName$OpenSave
                                                                                                • String ID: X
                                                                                                • API String ID: 83654149-3081909835
                                                                                                • Opcode ID: 07b0a4d29ee951702ef2db0acc788165efd3ee386ff328c327ebd8dfe710a28b
                                                                                                • Instruction ID: ed96ddcd09246112097b574dc38018cc4e6954e1e301a97632b976f09438bc59
                                                                                                • Opcode Fuzzy Hash: 07b0a4d29ee951702ef2db0acc788165efd3ee386ff328c327ebd8dfe710a28b
                                                                                                • Instruction Fuzzy Hash: 1FE15C316083419FD724DF28C481A6AB7E4FF85314F158A6DF8999B3A2EB31DD05CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008E9BB2
                                                                                                • BeginPaint.USER32(?,?,?), ref: 008E9241
                                                                                                • GetWindowRect.USER32(?,?), ref: 008E92A5
                                                                                                • ScreenToClient.USER32(?,?), ref: 008E92C2
                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008E92D3
                                                                                                • EndPaint.USER32(?,?,?,?,?), ref: 008E9321
                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 009271EA
                                                                                                  • Part of subcall function 008E9339: BeginPath.GDI32(00000000), ref: 008E9357
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                • String ID:
                                                                                                • API String ID: 3050599898-0
                                                                                                • Opcode ID: e867144ffe62055ad20ddfe1ceeb8c1c4e0656013f9b2d62ff7c4bd973132e86
                                                                                                • Instruction ID: 7018bba43bb6cf7b307e35988f3e9c4bcd336daf0a0184f7863bf44e554c28a2
                                                                                                • Opcode Fuzzy Hash: e867144ffe62055ad20ddfe1ceeb8c1c4e0656013f9b2d62ff7c4bd973132e86
                                                                                                • Instruction Fuzzy Hash: 1441C170108250AFD710DF65DC84FBB7BA8FF86364F100229F9A4D72A2C7B09845DB62
                                                                                                APIs
                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 0094080C
                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00940847
                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 00940863
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 009408DC
                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009408F3
                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00940921
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                • String ID:
                                                                                                • API String ID: 3368777196-0
                                                                                                • Opcode ID: 9f5bf2351c24a268ce7eb41a4134e013456f25bcb47d142b56a3d01d03d15547
                                                                                                • Instruction ID: 3886352802e2805b01b4205187c18cfa83a9ff9910f84927adcaef120dc04626
                                                                                                • Opcode Fuzzy Hash: 9f5bf2351c24a268ce7eb41a4134e013456f25bcb47d142b56a3d01d03d15547
                                                                                                • Instruction Fuzzy Hash: F4415971900205ABDF14AF58DC85A6A7778FF45300F1440A9FE00DE297DB71EE60DBA0
                                                                                                APIs
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0092F3AB,00000000,?,?,00000000,?,0092682C,00000004,00000000,00000000), ref: 0096824C
                                                                                                • EnableWindow.USER32(?,00000000), ref: 00968272
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 009682D1
                                                                                                • ShowWindow.USER32(?,00000004), ref: 009682E5
                                                                                                • EnableWindow.USER32(?,00000001), ref: 0096830B
                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0096832F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 642888154-0
                                                                                                • Opcode ID: 19041a95fa533b26ce18bddb3eeb3b55f32ee2ca1f1868ccd264b449a83d7a92
                                                                                                • Instruction ID: 14ffbf7ef473a51ae91cca32e4f89dd756e64e10ec6b6b41d41c3fa3aac4e375
                                                                                                • Opcode Fuzzy Hash: 19041a95fa533b26ce18bddb3eeb3b55f32ee2ca1f1868ccd264b449a83d7a92
                                                                                                • Instruction Fuzzy Hash: 3F41D030605640AFDB25CF25D8A9FE67BE4FF4A754F1803A9F5584B2A2CB31A841DB80
                                                                                                APIs
                                                                                                • IsWindowVisible.USER32(?), ref: 00934C95
                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00934CB2
                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00934CEA
                                                                                                • _wcslen.LIBCMT ref: 00934D08
                                                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00934D10
                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00934D1A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                • String ID:
                                                                                                • API String ID: 72514467-0
                                                                                                • Opcode ID: 249bd610fa3a20fa7fc8e02df13de99bffcb25185c216276d5b9931e8bc76e75
                                                                                                • Instruction ID: 69a5a675ea7d480c421c7c73b8fca16da17f2937c132bf71ba644373c9a34eba
                                                                                                • Opcode Fuzzy Hash: 249bd610fa3a20fa7fc8e02df13de99bffcb25185c216276d5b9931e8bc76e75
                                                                                                • Instruction Fuzzy Hash: FD212672204201BBEB155B39EC09E7B7B9CEF45750F11802DF905CA192EAA1FC009BA1
                                                                                                APIs
                                                                                                  • Part of subcall function 008D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008D3A97,?,?,008D2E7F,?,?,?,00000000), ref: 008D3AC2
                                                                                                • _wcslen.LIBCMT ref: 0094587B
                                                                                                • CoInitialize.OLE32(00000000), ref: 00945995
                                                                                                • CoCreateInstance.OLE32(0096FCF8,00000000,00000001,0096FB68,?), ref: 009459AE
                                                                                                • CoUninitialize.OLE32 ref: 009459CC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                • String ID: .lnk
                                                                                                • API String ID: 3172280962-24824748
                                                                                                APIs
                                                                                                  • Part of subcall function 00930FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00930FCA
                                                                                                  • Part of subcall function 00930FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00930FD6
                                                                                                  • Part of subcall function 00930FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00930FE5
                                                                                                  • Part of subcall function 00930FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00930FEC
                                                                                                  • Part of subcall function 00930FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00931002
                                                                                                • GetLengthSid.ADVAPI32(?,00000000,00931335), ref: 009317AE
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 009317BA
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 009317C1
                                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 009317DA
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00931335), ref: 009317EE
                                                                                                • HeapFree.KERNEL32(00000000), ref: 009317F5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                • String ID:
                                                                                                • API String ID: 3008561057-0
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 009314FF
                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00931506
                                                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00931515
                                                                                                • CloseHandle.KERNEL32(00000004), ref: 00931520
                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0093154F
                                                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 00931563
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                • String ID:
                                                                                                • API String ID: 1413079979-0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,008F3379,008F2FE5), ref: 008F3390
                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008F339E
                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008F33B7
                                                                                                • SetLastError.KERNEL32(00000000,?,008F3379,008F2FE5), ref: 008F3409
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                • String ID:
                                                                                                • API String ID: 3852720340-0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,00905686,00913CD6,?,00000000,?,00905B6A,?,?,?,?,?,008FE6D1,?,00998A48), ref: 00902D78
                                                                                                • _free.LIBCMT ref: 00902DAB
                                                                                                • _free.LIBCMT ref: 00902DD3
                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,008FE6D1,?,00998A48,00000010,008D4F4A,?,?,00000000,00913CD6), ref: 00902DE0
                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,008FE6D1,?,00998A48,00000010,008D4F4A,?,?,00000000,00913CD6), ref: 00902DEC
                                                                                                • _abort.LIBCMT ref: 00902DF2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                • String ID:
                                                                                                • API String ID: 3160817290-0
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008E9693
                                                                                                  • Part of subcall function 008E9639: SelectObject.GDI32(?,00000000), ref: 008E96A2
                                                                                                  • Part of subcall function 008E9639: BeginPath.GDI32(?), ref: 008E96B9
                                                                                                  • Part of subcall function 008E9639: SelectObject.GDI32(?,00000000), ref: 008E96E2
                                                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00968A4E
                                                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00968A62
                                                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00968A70
                                                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00968A80
                                                                                                • EndPath.GDI32(?), ref: 00968A90
                                                                                                • StrokePath.GDI32(?), ref: 00968AA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                • String ID:
                                                                                                • API String ID: 43455801-0
                                                                                                APIs
                                                                                                • GetDC.USER32(00000000), ref: 00935218
                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00935229
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00935230
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00935238
                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0093524F
                                                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00935261
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CapsDevice$Release
                                                                                                • String ID:
                                                                                                • API String ID: 1035833867-0
                                                                                                APIs
                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 008D1BF4
                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 008D1BFC
                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 008D1C07
                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 008D1C12
                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 008D1C1A
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 008D1C22
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Virtual
                                                                                                • String ID:
                                                                                                • API String ID: 4278518827-0
                                                                                                APIs
                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0093EB30
                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0093EB46
                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 0093EB55
                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0093EB64
                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0093EB6E
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0093EB75
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                • String ID:
                                                                                                • API String ID: 839392675-0
                                                                                                APIs
                                                                                                • GetClientRect.USER32(?), ref: 00927452
                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 00927469
                                                                                                • GetWindowDC.USER32(?), ref: 00927475
                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 00927484
                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00927496
                                                                                                • GetSysColor.USER32(00000005), ref: 009274B0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                • String ID:
                                                                                                • API String ID: 272304278-0
                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0093187F
                                                                                                • UnloadUserProfile.USERENV(?,?), ref: 0093188B
                                                                                                • CloseHandle.KERNEL32(?), ref: 00931894
                                                                                                • CloseHandle.KERNEL32(?), ref: 0093189C
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 009318A5
                                                                                                • HeapFree.KERNEL32(00000000), ref: 009318AC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                • String ID:
                                                                                                • API String ID: 146765662-0
                                                                                                APIs
                                                                                                  • Part of subcall function 008D7620: _wcslen.LIBCMT ref: 008D7625
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0093C6EE
                                                                                                • _wcslen.LIBCMT ref: 0093C735
                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0093C79C
                                                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0093C7CA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                                                • String ID: 0
                                                                                                • API String ID: 1227352736-4108050209
                                                                                                APIs
                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00937206
                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0093723C
                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0093724D
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 009372CF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                • String ID: DllGetClassObject
                                                                                                • API String ID: 753597075-1075368562
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00963E35
                                                                                                • IsMenu.USER32(?), ref: 00963E4A
                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00963E92
                                                                                                • DrawMenuBar.USER32 ref: 00963EA5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                • String ID: 0
                                                                                                • API String ID: 3076010158-4108050209
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 00933CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00933CCA
                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00931E66
                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00931E79
                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00931EA9
                                                                                                  • Part of subcall function 008D6B57: _wcslen.LIBCMT ref: 008D6B6A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 2081771294-1403004172
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                                                • API String ID: 176396367-4004644295
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00962F8D
                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00962F94
                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00962FA9
                                                                                                • DestroyWindow.USER32(?), ref: 00962FB1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                • String ID: SysAnimate32
                                                                                                • API String ID: 3529120543-1011021900
                                                                                                APIs
                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008F4D1E,009028E9,?,008F4CBE,009028E9,009988B8,0000000C,008F4E15,009028E9,00000002), ref: 008F4D8D
                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008F4DA0
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,008F4D1E,009028E9,?,008F4CBE,009028E9,009988B8,0000000C,008F4E15,009028E9,00000002,00000000), ref: 008F4DC3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                • API String ID: 4061214504-1276376045
                                                                                                • Opcode ID: 2011922c19f55e4036047d80e248459877777ecc67535de8252535a5c7f0aaed
                                                                                                • Instruction ID: 7daee29e44485cc3f30a939120385f11940a78eabc037ae827b0e63d73ea80c6
                                                                                                • Opcode Fuzzy Hash: 2011922c19f55e4036047d80e248459877777ecc67535de8252535a5c7f0aaed
                                                                                                • Instruction Fuzzy Hash: F7F0A47151420CBBDB145FA4DC09BBEBBB4FF44755F000059F909E2250CB705940DB90
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,008D4EDD,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4E9C
                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008D4EAE
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,008D4EDD,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4EC0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                • API String ID: 145871493-3689287502
                                                                                                • Opcode ID: 5286d72df39fe0d15990bd18893626c2c194190aa49aeeec537732366ab8431a
                                                                                                • Instruction ID: 1b40f04bc9feb966444814d037eebf1e88aa79b36759c574f0847926b8653a51
                                                                                                • Opcode Fuzzy Hash: 5286d72df39fe0d15990bd18893626c2c194190aa49aeeec537732366ab8431a
                                                                                                • Instruction Fuzzy Hash: 60E08675A195226B93212B256C18A7B6754FFC2B7270A021AFC44D2200DBB0CD0190A1
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00913CDE,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4E62
                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008D4E74
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00913CDE,?,009A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008D4E87
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                • API String ID: 145871493-1355242751
                                                                                                • Opcode ID: 1e5c69b1091e5a525827d09f9fbe08a55034a38c7bab4494cf6c4eee8118de8d
                                                                                                • Instruction ID: 9c278cdc17a30d2b5594f85fb6f790f90a5789db8842ec152a3ccf201838d67d
                                                                                                • Opcode Fuzzy Hash: 1e5c69b1091e5a525827d09f9fbe08a55034a38c7bab4494cf6c4eee8118de8d
                                                                                                • Instruction Fuzzy Hash: EED0C23151A661674A221B24AC08DAB2B18FFC6B75386031AF844E2210CFB0CD01D1D0
                                                                                                APIs
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00942C05
                                                                                                • DeleteFileW.KERNEL32(?), ref: 00942C87
                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00942C9D
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00942CAE
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00942CC0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$Delete$Copy
                                                                                                • String ID:
                                                                                                • API String ID: 3226157194-0
                                                                                                • Opcode ID: c787d257a12180ca883ba4469f32ac98c1d4632857095b22bb0db8255d70f7d1
                                                                                                • Instruction ID: 4d3dbb88cd4637cabab850a659dc14cf575499865872c0e912bd2c5d52b1eacd
                                                                                                • Opcode Fuzzy Hash: c787d257a12180ca883ba4469f32ac98c1d4632857095b22bb0db8255d70f7d1
                                                                                                • Instruction Fuzzy Hash: 5EB13C71D0011DABDF25DBA4CC85EEEBBBDFF49350F5040A6FA09E6151EA309A448F61
                                                                                                APIs
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0095A427
                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0095A435
                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0095A468
                                                                                                • CloseHandle.KERNEL32(?), ref: 0095A63D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                • String ID:
                                                                                                • API String ID: 3488606520-0
                                                                                                • Opcode ID: 2b2a89305b5002c8943a50283045428353e68bcbc9679950e2511c6fcf22f4ea
                                                                                                • Instruction ID: e80518a1c4d480bc721f45f40d35c228f5604343e546510969dd8c6ae7b5e301
                                                                                                • Opcode Fuzzy Hash: 2b2a89305b5002c8943a50283045428353e68bcbc9679950e2511c6fcf22f4ea
                                                                                                • Instruction Fuzzy Hash: B7A19B716043019FD720DF29C882F2AB7E5EF84714F14891DF99ADB392DAB0EC458B86
                                                                                                APIs
                                                                                                  • Part of subcall function 0093DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0093CF22,?), ref: 0093DDFD
                                                                                                  • Part of subcall function 0093DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0093CF22,?), ref: 0093DE16
                                                                                                  • Part of subcall function 0093E199: GetFileAttributesW.KERNEL32(?,0093CF95), ref: 0093E19A
                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0093E473
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0093E4AC
                                                                                                • _wcslen.LIBCMT ref: 0093E5EB
                                                                                                • _wcslen.LIBCMT ref: 0093E603
                                                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0093E650
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 3183298772-0
                                                                                                • Opcode ID: 710073c129fe16cc28f643ed2c63b747ced258ffe89b52f972a2dca7f53dc376
                                                                                                • Instruction ID: 816b6486888dcec3017a1adc6f959fc700939276effdbaf4b614e361e13534b0
                                                                                                • Opcode Fuzzy Hash: 710073c129fe16cc28f643ed2c63b747ced258ffe89b52f972a2dca7f53dc376
                                                                                                • Instruction Fuzzy Hash: 325194B25083455BC724DBA4D885AEF77DCEF84344F00491EF6C9D3191EF74A6888B56
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 0095C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0095B6AE,?,?), ref: 0095C9B5
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095C9F1
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095CA68
                                                                                                  • Part of subcall function 0095C998: _wcslen.LIBCMT ref: 0095CA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0095BAA5
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0095BB00
                                                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0095BB63
                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 0095BBA6
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0095BBB3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                • String ID:
                                                                                                • API String ID: 826366716-0
                                                                                                • Opcode ID: a21d041bf5c6f334093caeeac9977f1e36f93f7103a6ebbd418038cca974a797
                                                                                                • Instruction ID: 170c4d6fb87aa5d5362a8e8b3410e2937b991f26455c650d8627b98a1356aee1
                                                                                                • Opcode Fuzzy Hash: a21d041bf5c6f334093caeeac9977f1e36f93f7103a6ebbd418038cca974a797
                                                                                                • Instruction Fuzzy Hash: D261B571208241EFD714DF15C490E2ABBE9FF84308F54895DF4998B2A2DB71ED49CB92
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 00938BCD
                                                                                                • VariantClear.OLEAUT32 ref: 00938C3E
                                                                                                • VariantClear.OLEAUT32 ref: 00938C9D
                                                                                                • VariantClear.OLEAUT32(?), ref: 00938D10
                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00938D3B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$Clear$ChangeInitType
                                                                                                • String ID:
                                                                                                • API String ID: 4136290138-0
                                                                                                • Opcode ID: 4f2a5076e01a3c5036ccaf43941a165f58e3fff1c4fa131d407123a951e92c65
                                                                                                • Instruction ID: 96442da4b49d4bc3db027945746ecfc2e8ffcb7dfd831a21955863ec435decac
                                                                                                • Opcode Fuzzy Hash: 4f2a5076e01a3c5036ccaf43941a165f58e3fff1c4fa131d407123a951e92c65
                                                                                                • Instruction Fuzzy Hash: FB5147B5A10219AFCB10CF68C884AAAB7F9FF89310F158559F955DB350EB34E911CFA0
                                                                                                APIs
                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00948BAE
                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00948BDA
                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00948C32
                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00948C57
                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00948C5F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                • String ID:
                                                                                                • API String ID: 2832842796-0
                                                                                                • Opcode ID: c68dfbc0ae175bfc8fef1d4f9bd2e29b44ef4cd8db91db963909917c3915ebc9
                                                                                                • Instruction ID: 7bedbac37cd0c627ca413654367e641ea93f9757cfe32e8da9d414621f913df2
                                                                                                • Opcode Fuzzy Hash: c68dfbc0ae175bfc8fef1d4f9bd2e29b44ef4cd8db91db963909917c3915ebc9
                                                                                                • Instruction Fuzzy Hash: 18515935A00215AFCB00DF69C880E6EBBF5FF49314F088459E849AB362DB31ED41CB91
                                                                                                APIs
                                                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00958F40
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00958FD0
                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 00958FEC
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00959032
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00959052
                                                                                                  • Part of subcall function 008EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00941043,?,753CE610), ref: 008EF6E6
                                                                                                  • Part of subcall function 008EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0092FA64,00000000,00000000,?,?,00941043,?,753CE610,?,0092FA64), ref: 008EF70D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                • String ID:
                                                                                                • API String ID: 666041331-0
                                                                                                • Opcode ID: 91c79a3834da7941691e95ca752542022abf00eb2e7ec7bf58b95dc5ebd74443
                                                                                                • Instruction ID: 473f782f6ebf138c0d6a3417feb60de1a9e06da1fe89669d00cadfbf0ac7e868
                                                                                                • Opcode Fuzzy Hash: 91c79a3834da7941691e95ca752542022abf00eb2e7ec7bf58b95dc5ebd74443
                                                                                                • Instruction Fuzzy Hash: 05516934604205DFC700DF69C4848ADBBF5FF49324B0581A9EC4AAB362DB31ED8ACB91
                                                                                                APIs
                                                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00966C33
                                                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00966C4A
                                                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00966C73
                                                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0094AB79,00000000,00000000), ref: 00966C98
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00966CC7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$MessageSendShow
                                                                                                • String ID:
                                                                                                • API String ID: 3688381893-0
                                                                                                • Opcode ID: 7107a688ffda50cf9fca26f4c09733483367afb3c872c6e82268804474057be5
                                                                                                • Instruction ID: ffffe854e9f82a6d829780bbbb659543c2a4a34f998acdeafff8ad8448264b2e
                                                                                                • Opcode Fuzzy Hash: 7107a688ffda50cf9fca26f4c09733483367afb3c872c6e82268804474057be5
                                                                                                • Instruction Fuzzy Hash: 4541D435A08504AFDB24CF38CC58FBA7BA9EB49350F140229FAD5A72E0C375AD41DA80
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                • Opcode ID: ad944514c7f1e6eee194bc184e549de50be9bf178c946e9b2a1957558df1416e
                                                                                                • Instruction ID: 1a7d396447edc68fa97e7a28e34ef993c9d7d5e0a4397e22967ae349ce99aa23
                                                                                                • Opcode Fuzzy Hash: ad944514c7f1e6eee194bc184e549de50be9bf178c946e9b2a1957558df1416e
                                                                                                • Instruction Fuzzy Hash: 2B41D172A003009FCB24DF78C885A5EB7B5EF8A314F1545A9EA15EB392DA31AD01CB91
                                                                                                APIs
                                                                                                • GetCursorPos.USER32(?), ref: 008E9141
                                                                                                • ScreenToClient.USER32(00000000,?), ref: 008E915E
                                                                                                • GetAsyncKeyState.USER32(00000001), ref: 008E9183
                                                                                                • GetAsyncKeyState.USER32(00000002), ref: 008E919D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                                • String ID:
                                                                                                • API String ID: 4210589936-0
                                                                                                • Opcode ID: 4fbccf9411417ed13bed8d64d1736db45a6499735faeca386b8c310c3b3d1a6f
                                                                                                • Instruction ID: 1b3dc17b126ccf8f281b548c649e030c115844218614371508acd87052639f42
                                                                                                • Opcode Fuzzy Hash: 4fbccf9411417ed13bed8d64d1736db45a6499735faeca386b8c310c3b3d1a6f
                                                                                                • Instruction Fuzzy Hash: 2B418F7190C61AFBDF059FA9D844BEEB774FF06324F204219F469A3290C7786950CB51
                                                                                                APIs
                                                                                                • GetInputState.USER32 ref: 009438CB
                                                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00943922
                                                                                                • TranslateMessage.USER32(?), ref: 0094394B
                                                                                                • DispatchMessageW.USER32(?), ref: 00943955
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00943966
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                • String ID:
                                                                                                • API String ID: 2256411358-0
                                                                                                • Opcode ID: f3ddd982b74c87c325e76d5b6bf58c49174486c25486e5e0b395b312b41af025
                                                                                                • Instruction ID: d99a043c0ced6228ba8cc1ba1ebe992c47b05326654429ddd6caa772b66b66cd
                                                                                                • Opcode Fuzzy Hash: f3ddd982b74c87c325e76d5b6bf58c49174486c25486e5e0b395b312b41af025
                                                                                                • Instruction Fuzzy Hash: 06319170928342DEEB29CB359858FB677ACAB06304F04856DE4A2821A0E7F49A84DB51
                                                                                                APIs
                                                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0094CF38
                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 0094CF6F
                                                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,0094C21E,00000000), ref: 0094CFB4
                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,0094C21E,00000000), ref: 0094CFC8
                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,0094C21E,00000000), ref: 0094CFF2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                • String ID:
                                                                                                • API String ID: 3191363074-0
                                                                                                • Opcode ID: a3237977945f27b2282bb6d6bcf9bb0e877b48063ca34568432e9bc89b0bb480
                                                                                                • Instruction ID: 0b616c966bf6bfdd3bcf1a4128642362213d87fcc8506d433339b0f47a7f7cfb
                                                                                                • Opcode Fuzzy Hash: a3237977945f27b2282bb6d6bcf9bb0e877b48063ca34568432e9bc89b0bb480
                                                                                                • Instruction Fuzzy Hash: 19317AB1605205AFDB60DFA5C884EABBBFDEB14351B1044AEF516D2201EB38EE449B60
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 00931915
                                                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 009319C1
                                                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 009319C9
                                                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 009319DA
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 009319E2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePostSleep$RectWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3382505437-0
                                                                                                • Opcode ID: bbd3a8ded85c2f1c581e74cbd25ecf2e3807bb091eaa5586f33291f9c2ede80f
                                                                                                • Instruction ID: 41d8644a45f5102ef9bbdcdb4e64fced40d8e451d89dca797d07e12df536120b
                                                                                                • Opcode Fuzzy Hash: bbd3a8ded85c2f1c581e74cbd25ecf2e3807bb091eaa5586f33291f9c2ede80f
                                                                                                • Instruction Fuzzy Hash: 7331B171900219EFCB04CFA8DD99BEE3BB5EB45315F104229F961A72E1C7B09954DF90
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00965745
                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 0096579D
                                                                                                • _wcslen.LIBCMT ref: 009657AF
                                                                                                • _wcslen.LIBCMT ref: 009657BA
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00965816
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 763830540-0
                                                                                                • Opcode ID: d6e01a407a34e40760e81584a3b1be7fbe39b19a8e2150577d4aace6e89b1a2a
                                                                                                • Instruction ID: a8a6fef750981f93636933fbac660488a89be76a63c13487f451ec6f0c19d530
                                                                                                • Opcode Fuzzy Hash: d6e01a407a34e40760e81584a3b1be7fbe39b19a8e2150577d4aace6e89b1a2a
                                                                                                • Instruction Fuzzy Hash: 1121B471904619DADB209FA5CC84AEE7BBCFF04724F108256F929EB194DBB48985CF50
                                                                                                APIs
                                                                                                • IsWindow.USER32(00000000), ref: 00950951
                                                                                                • GetForegroundWindow.USER32 ref: 00950968
                                                                                                • GetDC.USER32(00000000), ref: 009509A4
                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 009509B0
                                                                                                • ReleaseDC.USER32(00000000,00000003), ref: 009509E8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                • String ID:
                                                                                                • API String ID: 4156661090-0
                                                                                                APIs
                                                                                                • GetSysColor.USER32(00000008), ref: 008E98CC
                                                                                                • SetTextColor.GDI32(?,?), ref: 008E98D6
                                                                                                • SetBkMode.GDI32(?,00000001), ref: 008E98E9
                                                                                                • GetStockObject.GDI32(00000005), ref: 008E98F1
                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 008E9952
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Color$LongModeObjectStockTextWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1860813098-0
                                                                                                APIs
                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 0090CDC6
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0090CDE9
                                                                                                  • Part of subcall function 00903820: RtlAllocateHeap.NTDLL(00000000,?,009A1444,?,008EFDF5,?,?,008DA976,00000010,009A1440,008D13FC,?,008D13C6,?,008D1129), ref: 00903852
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0090CE0F
                                                                                                • _free.LIBCMT ref: 0090CE22
                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0090CE31
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                • String ID:
                                                                                                • API String ID: 336800556-0
                                                                                                APIs
                                                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008E9693
                                                                                                • SelectObject.GDI32(?,00000000), ref: 008E96A2
                                                                                                • BeginPath.GDI32(?), ref: 008E96B9
                                                                                                • SelectObject.GDI32(?,00000000), ref: 008E96E2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                • String ID:
                                                                                                • API String ID: 3225163088-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 2931989736-0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,?,008FF2DE,00903863,009A1444,?,008EFDF5,?,?,008DA976,00000010,009A1440,008D13FC,?,008D13C6), ref: 00902DFD
                                                                                                • _free.LIBCMT ref: 00902E32
                                                                                                • _free.LIBCMT ref: 00902E59
                                                                                                • SetLastError.KERNEL32(00000000,008D1129), ref: 00902E66
                                                                                                • SetLastError.KERNEL32(00000000,008D1129), ref: 00902E6F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free
                                                                                                • String ID:
                                                                                                • API String ID: 3170660625-0
                                                                                                APIs
                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?,?,?,0093035E), ref: 0093002B
                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?,?), ref: 00930046
                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?,?), ref: 00930054
                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?), ref: 00930064
                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0092FF41,80070057,?,?), ref: 00930070
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 3897988419-0
                                                                                                APIs
                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0093E997
                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 0093E9A5
                                                                                                • Sleep.KERNEL32(00000000), ref: 0093E9AD
                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0093E9B7
                                                                                                • Sleep.KERNEL32 ref: 0093E9F3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                • String ID:
                                                                                                • API String ID: 2833360925-0
                                                                                                APIs
                                                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00931114
                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 00931120
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 0093112F
                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00930B9B,?,?,?), ref: 00931136
                                                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0093114D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 842720411-0
                                                                                                • Opcode ID: f11be492d1937ee4048e0d7b821ee73783cfa8557c8e3c7aa35862bbe49ffc5e
                                                                                                • Instruction ID: 01c5bcb12f36aca4c2d666b06f5a38c44791ccdc08cd4db2b92851020ebd4e4d
                                                                                                • Opcode Fuzzy Hash: f11be492d1937ee4048e0d7b821ee73783cfa8557c8e3c7aa35862bbe49ffc5e
                                                                                                • Instruction Fuzzy Hash: E0013CB5214205BFDB114FA5DC49EAA3F6EEF8A3A0F214419FA85D7360DB71DC00AE60
                                                                                                APIs
                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00930FCA
                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00930FD6
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00930FE5
                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00930FEC
                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00931002
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 44706859-0
                                                                                                • Opcode ID: 62d14e7eaff5aed532827c6428114e5f62cb53740cf5ed9c59bbf3dbf25cbedb
                                                                                                • Instruction ID: fb1b9358570499fec33addd34a85a931d16d895be1a00ffc4c22ba7d0d973189
                                                                                                • Opcode Fuzzy Hash: 62d14e7eaff5aed532827c6428114e5f62cb53740cf5ed9c59bbf3dbf25cbedb
                                                                                                • Instruction Fuzzy Hash: 90F06DB5214301FBDB214FA5DC4DF663BADEF8A762F114418FA89D7261CAB1DC409A60
                                                                                                APIs
                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0093102A
                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00931036
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00931045
                                                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0093104C
                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00931062
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 44706859-0
                                                                                                • Opcode ID: 4cd31245905c6266866617097b93b925795f22ef55d6c3565c13c3312f58c92b
                                                                                                • Instruction ID: 3e020ad12c2247383a159147eaf33fa7f167417f6f5b6fe6f8ecc049453c8c43
                                                                                                • Opcode Fuzzy Hash: 4cd31245905c6266866617097b93b925795f22ef55d6c3565c13c3312f58c92b
                                                                                                • Instruction Fuzzy Hash: EEF06DB5214301FBDB215FA5EC59F663BADEF8A761F110418FA85D7260CAB1D8409A60
                                                                                                APIs
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,0094017D,?,009432FC,?,00000001,00912592,?), ref: 00940324
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,0094017D,?,009432FC,?,00000001,00912592,?), ref: 00940331
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,0094017D,?,009432FC,?,00000001,00912592,?), ref: 0094033E
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,0094017D,?,009432FC,?,00000001,00912592,?), ref: 0094034B
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,0094017D,?,009432FC,?,00000001,00912592,?), ref: 00940358
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,0094017D,?,009432FC,?,00000001,00912592,?), ref: 00940365
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle
                                                                                                • String ID:
                                                                                                • API String ID: 2962429428-0
                                                                                                • Opcode ID: 35d03c09e474f8a9539f9f753924874a7ab28b25da76f29834cb7241e8bc158e
                                                                                                • Instruction ID: 36bce1cc66941ec0e829195cf7e2f4ece4a2c5fa849232a2ce85ff06b60d27c0
                                                                                                • Opcode Fuzzy Hash: 35d03c09e474f8a9539f9f753924874a7ab28b25da76f29834cb7241e8bc158e
                                                                                                • Instruction Fuzzy Hash: EC017A72801B159FCB30AF66D890816FBF9BFA03153158A3FD29652931C7B1A999DF80
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 0090D752
                                                                                                  • Part of subcall function 009029C8: HeapFree.KERNEL32(00000000,00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000), ref: 009029DE
                                                                                                  • Part of subcall function 009029C8: GetLastError.KERNEL32(00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000,00000000), ref: 009029F0
                                                                                                • _free.LIBCMT ref: 0090D764
                                                                                                • _free.LIBCMT ref: 0090D776
                                                                                                • _free.LIBCMT ref: 0090D788
                                                                                                • _free.LIBCMT ref: 0090D79A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: 10c970dedee5bad978f48feb0ca3bd1ac502049058a9b1f0e184b7b9d8064a29
                                                                                                • Instruction ID: 777b8fc13c5da77816ef7e789ed01cd09f3f562712a771a5df9a6b2a4403c109
                                                                                                • Opcode Fuzzy Hash: 10c970dedee5bad978f48feb0ca3bd1ac502049058a9b1f0e184b7b9d8064a29
                                                                                                • Instruction Fuzzy Hash: DBF036B2555204AFC625EBADFEC5D1677DDBB847107A40C06F058E7581C730FC8086B4
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00935C58
                                                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 00935C6F
                                                                                                • MessageBeep.USER32(00000000), ref: 00935C87
                                                                                                • KillTimer.USER32(?,0000040A), ref: 00935CA3
                                                                                                • EndDialog.USER32(?,00000001), ref: 00935CBD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3741023627-0
                                                                                                • Opcode ID: 7d1637aac31be7520b43d0c34eaedc8bafe486791e8a3fb09a33b3b07783117e
                                                                                                • Instruction ID: d49a1adf0d71f9f396534ead8d582aff7ac7fac4af8e3c83cab106921865bf5b
                                                                                                • Opcode Fuzzy Hash: 7d1637aac31be7520b43d0c34eaedc8bafe486791e8a3fb09a33b3b07783117e
                                                                                                • Instruction Fuzzy Hash: 6801D170504B04ABEB206B10DD8EFA677B8FB04B09F01166EF1C3A14E0DBF4A984DE90
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 009022BE
                                                                                                  • Part of subcall function 009029C8: HeapFree.KERNEL32(00000000,00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000), ref: 009029DE
                                                                                                  • Part of subcall function 009029C8: GetLastError.KERNEL32(00000000,?,0090D7D1,00000000,00000000,00000000,00000000,?,0090D7F8,00000000,00000007,00000000,?,0090DBF5,00000000,00000000), ref: 009029F0
                                                                                                • _free.LIBCMT ref: 009022D0
                                                                                                • _free.LIBCMT ref: 009022E3
                                                                                                • _free.LIBCMT ref: 009022F4
                                                                                                • _free.LIBCMT ref: 00902305
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: 3f82c061146e49d1a67b1a928ae321ac41ed9a340258182dcf665e3496a3dfc9
                                                                                                • Instruction ID: 5f5d832ca004cc9f8c90f4620abca1df0907f4ea9e8377b6eba61b60a4084172
                                                                                                • Opcode Fuzzy Hash: 3f82c061146e49d1a67b1a928ae321ac41ed9a340258182dcf665e3496a3dfc9
                                                                                                • Instruction Fuzzy Hash: 77F03AB48382208FCA12BF58BD05A483FA4BBAA765B50050BF830E32F1C7314811BBE4
                                                                                                APIs
                                                                                                • EndPath.GDI32(?), ref: 008E95D4
                                                                                                • StrokeAndFillPath.GDI32(?,?,009271F7,00000000,?,?,?), ref: 008E95F0
                                                                                                • SelectObject.GDI32(?,00000000), ref: 008E9603
                                                                                                • DeleteObject.GDI32 ref: 008E9616
                                                                                                • StrokePath.GDI32(?), ref: 008E9631
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                • String ID:
                                                                                                • API String ID: 2625713937-0
                                                                                                • Opcode ID: ac0cc13bd604cb557c9c0e85e6f723dd169f71acf1dbdd4ec5effd7f317ae6c9
                                                                                                • Instruction ID: 7bfb90114572dfb0fa126b8b5d921566fad3b086086b7e283a73871c024c76a4
                                                                                                • Opcode Fuzzy Hash: ac0cc13bd604cb557c9c0e85e6f723dd169f71acf1dbdd4ec5effd7f317ae6c9
                                                                                                • Instruction Fuzzy Hash: 37F0193002D248EBDB125F66ED187663B61FB933A2F048219F4A5950F0C7B08995EFA0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: __freea$_free
                                                                                                • String ID: a/p$am/pm
                                                                                                • API String ID: 3432400110-3206640213
                                                                                                • Opcode ID: 51f9c981d5f7aba40f032c966d013c9f5c0eb7365f148d99bd25911d5a278af5
                                                                                                • Instruction ID: e9453e75f95515b3c267212ac52504f9837a7e49311043233bf6c4313a7d79bd
                                                                                                • Opcode Fuzzy Hash: 51f9c981d5f7aba40f032c966d013c9f5c0eb7365f148d99bd25911d5a278af5
                                                                                                • Instruction Fuzzy Hash: FCD14731904206DFDB289F68C885BFEB7B9FF06700F284559EA51AB6D0D3799D80CB91
                                                                                                APIs
                                                                                                  • Part of subcall function 008F0242: EnterCriticalSection.KERNEL32(009A070C,009A1884,?,?,008E198B,009A2518,?,?,?,008D12F9,00000000), ref: 008F024D
                                                                                                  • Part of subcall function 008F0242: LeaveCriticalSection.KERNEL32(009A070C,?,008E198B,009A2518,?,?,?,008D12F9,00000000), ref: 008F028A
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 008F00A3: __onexit.LIBCMT ref: 008F00A9
                                                                                                • __Init_thread_footer.LIBCMT ref: 00957BFB
                                                                                                  • Part of subcall function 008F01F8: EnterCriticalSection.KERNEL32(009A070C,?,?,008E8747,009A2514), ref: 008F0202
                                                                                                  • Part of subcall function 008F01F8: LeaveCriticalSection.KERNEL32(009A070C,?,008E8747,009A2514), ref: 008F0235
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                • API String ID: 535116098-3733170431
                                                                                                • Opcode ID: 5c4d035c7e04c8a86ee2e9310f784dc31bb842130459293cc768f7ae37906ab4
                                                                                                • Instruction ID: f2cde9cd91413aca2ad85dda0e7a476379a68b8013bbd52e196c5e0181a0e81b
                                                                                                • Opcode Fuzzy Hash: 5c4d035c7e04c8a86ee2e9310f784dc31bb842130459293cc768f7ae37906ab4
                                                                                                • Instruction Fuzzy Hash: 13919A70A04209AFCB14EF99E8919BDB7B5FF89301F108459F8469B392DB31AE49CB51
                                                                                                APIs
                                                                                                  • Part of subcall function 0093B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009321D0,?,?,00000034,00000800,?,00000034), ref: 0093B42D
                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00932760
                                                                                                  • Part of subcall function 0093B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009321FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0093B3F8
                                                                                                  • Part of subcall function 0093B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0093B355
                                                                                                  • Part of subcall function 0093B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00932194,00000034,?,?,00001004,00000000,00000000), ref: 0093B365
                                                                                                  • Part of subcall function 0093B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00932194,00000034,?,?,00001004,00000000,00000000), ref: 0093B37B
                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009327CD
                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0093281A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                • String ID: @
                                                                                                • API String ID: 4150878124-2766056989
                                                                                                • Opcode ID: d315f605fb6c052950bb978c5bf3ba0daa7c1297f961367cd7770421646e9b57
                                                                                                • Instruction ID: 98c96e53907f4b7f4980e8cf5b473aa6d8b3cad2fa26d69dd79520ee956a7fbf
                                                                                                • Opcode Fuzzy Hash: d315f605fb6c052950bb978c5bf3ba0daa7c1297f961367cd7770421646e9b57
                                                                                                • Instruction Fuzzy Hash: 06413876901218BEDB10DBA4C885BEEBBB8EF49300F104099FA55B7181DB706E45CFA1
                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00901769
                                                                                                • _free.LIBCMT ref: 00901834
                                                                                                • _free.LIBCMT ref: 0090183E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$FileModuleName
                                                                                                • String ID: C:\Users\user\Desktop\file.exe
                                                                                                • API String ID: 2506810119-1957095476
                                                                                                • Opcode ID: 521ad646c8b9eb369de0acdb0a1bc790dd453cd5f953b2ebec773b0faa5f14ea
                                                                                                • Instruction ID: 505a285b8c147e73f0d5000a935a093dcd41b5c9a9b65966dae5fd6006221534
                                                                                                • Opcode Fuzzy Hash: 521ad646c8b9eb369de0acdb0a1bc790dd453cd5f953b2ebec773b0faa5f14ea
                                                                                                • Instruction Fuzzy Hash: 33316D75A04218EFDB21DF999885E9EBBFCEF85310F14416AF914D7291D6B08E40DBA0
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0093C306
                                                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 0093C34C
                                                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,009A1990,00D16768), ref: 0093C395
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$Delete$InfoItem
                                                                                                • String ID: 0
                                                                                                • API String ID: 135850232-4108050209
                                                                                                • Opcode ID: 5224f50a6e46048a45bb1eaa78644c8aa17cf47caff4790a3a5a6d0f58a8556a
                                                                                                • Instruction ID: 676ff7d5302822a024437fa00442ff327f3dd127acc3f2e13f0869fe44faed5b
                                                                                                • Opcode Fuzzy Hash: 5224f50a6e46048a45bb1eaa78644c8aa17cf47caff4790a3a5a6d0f58a8556a
                                                                                                • Instruction Fuzzy Hash: 8741B2B12087019FD724DF28D884B2ABBE8EF85311F008A1DF9A5A72D1D770E904CF52
                                                                                                APIs
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0096CC08,00000000,?,?,?,?), ref: 009644AA
                                                                                                • GetWindowLongW.USER32 ref: 009644C7
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009644D7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long
                                                                                                • String ID: SysTreeView32
                                                                                                • API String ID: 847901565-1698111956
                                                                                                • Opcode ID: abab2444faf46aae9897fef1b7a3a84bf8c92850630bfcca71cd3814c5e6fd6a
                                                                                                • Instruction ID: dfe2c3905179391cb1ee22a28caec5f998839447ae8f045fef64be3bd4dc0f1d
                                                                                                • Opcode Fuzzy Hash: abab2444faf46aae9897fef1b7a3a84bf8c92850630bfcca71cd3814c5e6fd6a
                                                                                                • Instruction Fuzzy Hash: 8631AB71214605AFDF218EB8DC46BEA7BA9EB09378F204715F975E21E0DB70EC909B50
                                                                                                APIs
                                                                                                  • Part of subcall function 0095335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00953077,?,?), ref: 00953378
                                                                                                • inet_addr.WSOCK32(?), ref: 0095307A
                                                                                                • _wcslen.LIBCMT ref: 0095309B
                                                                                                • htons.WSOCK32(00000000), ref: 00953106
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                • String ID: 255.255.255.255
                                                                                                • API String ID: 946324512-2422070025
                                                                                                • Opcode ID: 0617b2c4597f189b9cd43ee135829c23434178c28a4e666241e40b5e2e4e7420
                                                                                                • Instruction ID: 974b6f4318489888455e7aa7f6d17bccf6b392f4926ba529f5bad85cda78ca68
                                                                                                • Opcode Fuzzy Hash: 0617b2c4597f189b9cd43ee135829c23434178c28a4e666241e40b5e2e4e7420
                                                                                                • Instruction Fuzzy Hash: 8131D0352043059FCB20CF3AC485AAAB7E4EF14399F24C059E8158B392DB72EE49C761
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00963F40
                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00963F54
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00963F78
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window
                                                                                                • String ID: SysMonthCal32
                                                                                                • API String ID: 2326795674-1439706946
                                                                                                • Opcode ID: efc8c941a0fef7c436993efc9636b442d0993693e160dd97a493cbb3ecdfded9
                                                                                                • Instruction ID: a38fb5f257ca43292fde905f7d810419646753d27f0be22e0c63cdbd93ea699f
                                                                                                • Opcode Fuzzy Hash: efc8c941a0fef7c436993efc9636b442d0993693e160dd97a493cbb3ecdfded9
                                                                                                • Instruction Fuzzy Hash: EA21D132610219BFEF118F94CC46FEA3B79EF88714F114214FA156B1D0D6B5AC50DBA0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00964705
                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00964713
                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0096471A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$DestroyWindow
                                                                                                • String ID: msctls_updown32
                                                                                                • API String ID: 4014797782-2298589950
                                                                                                • Opcode ID: e70f56e9bca5736aa8f9e78be836ab9dcf4bc9e41892cec8ba6f9b9f522b771c
                                                                                                • Instruction ID: b8778147e705fb0b685dc1dbcf542b00604bf37c2d8285f5dc93b8e8779fb167
                                                                                                • Opcode Fuzzy Hash: e70f56e9bca5736aa8f9e78be836ab9dcf4bc9e41892cec8ba6f9b9f522b771c
                                                                                                • Instruction Fuzzy Hash: 9F2190B5604209AFDB10DF68DCC1DB737ADEF9A3A4B040149FA009B361DB70EC11DA60
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                • API String ID: 176396367-2734436370
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00963840
                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00963850
                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00963876
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                • String ID: Listbox
                                                                                                • API String ID: 3315199576-2633736733
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00944A08
                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00944A5C
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,0096CC08), ref: 00944AD0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                • String ID: %lu
                                                                                                • API String ID: 2507767853-685833217
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0096424F
                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00964264
                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00964271
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: msctls_trackbar32
                                                                                                • API String ID: 3850602802-1010561917
                                                                                                APIs
                                                                                                  • Part of subcall function 008D6B57: _wcslen.LIBCMT ref: 008D6B6A
                                                                                                  • Part of subcall function 00932DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00932DC5
                                                                                                  • Part of subcall function 00932DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00932DD6
                                                                                                  • Part of subcall function 00932DA7: GetCurrentThreadId.KERNEL32 ref: 00932DDD
                                                                                                  • Part of subcall function 00932DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00932DE4
                                                                                                • GetFocus.USER32 ref: 00932F78
                                                                                                  • Part of subcall function 00932DEE: GetParent.USER32(00000000), ref: 00932DF9
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00932FC3
                                                                                                • EnumChildWindows.USER32(?,0093303B), ref: 00932FEB
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                • String ID: %s%d
                                                                                                • API String ID: 1272988791-1110647743
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009658C1
                                                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009658EE
                                                                                                • DrawMenuBar.USER32(?), ref: 009658FD
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                • String ID: 0
                                                                                                • API String ID: 3227129158-4108050209
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0092D3BF
                                                                                                • FreeLibrary.KERNEL32 ref: 0092D3E5
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                                                • API String ID: 3013587201-2590602151
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                • String ID:
                                                                                                • API String ID: 1036877536-0
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                • String ID:
                                                                                                • API String ID: 1998397398-0
                                                                                                • Opcode ID: 972dbc71c84556cfe64d44ccf3e347b3fd87600991bfc349042c7c3e8f93c0b6
                                                                                                • Instruction ID: 013de3c79f9fa111b34fc6568a9fa5cad96ab1d2f52d4c0951897b80a0311aa3
                                                                                                • Opcode Fuzzy Hash: 972dbc71c84556cfe64d44ccf3e347b3fd87600991bfc349042c7c3e8f93c0b6
                                                                                                • Instruction Fuzzy Hash: 23A116756042009FC710DF29C485A2AB7E5FF89755F048959FD8ADB362DB30EE05CB92
                                                                                                APIs
                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0096FC08,?), ref: 009305F0
                                                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0096FC08,?), ref: 00930608
                                                                                                • CLSIDFromProgID.OLE32(?,?,00000000,0096CC40,000000FF,?,00000000,00000800,00000000,?,0096FC08,?), ref: 0093062D
                                                                                                • _memcmp.LIBVCRUNTIME ref: 0093064E
                                                                                                Similarity
                                                                                                • API ID: FromProg$FreeTask_memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 314563124-0
                                                                                                • Opcode ID: 7ed1a929c4430fd72365fd588f561e3d2268d4daedd39fd5abf8f01bd4894e7d
                                                                                                • Instruction ID: 81540d7c2e4f15f3a9437bc5faec4266336d73f30bd8e261a20bca993e720fee
                                                                                                • Opcode Fuzzy Hash: 7ed1a929c4430fd72365fd588f561e3d2268d4daedd39fd5abf8f01bd4894e7d
                                                                                                • Instruction Fuzzy Hash: C181E871A00109AFCB04DF94C994DEEB7B9FF89315F204598F516AB250DB71AE06CF61
                                                                                                APIs
                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0095A6AC
                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0095A6BA
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 0095A79C
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0095A7AB
                                                                                                  • Part of subcall function 008ECE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00913303,?), ref: 008ECE8A
                                                                                                Similarity
                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 1991900642-0
                                                                                                • Opcode ID: d8179fcee19d88d1c2dd62604b5a26861d7aa0eee84499432a727e476d9d617a
                                                                                                • Instruction ID: 518733a2a72de2cb77d3fcbbe4b26ed2d6876f3cc80108b475dda0f42376e841
                                                                                                • Opcode Fuzzy Hash: d8179fcee19d88d1c2dd62604b5a26861d7aa0eee84499432a727e476d9d617a
                                                                                                • Instruction Fuzzy Hash: 0C513B715083009FD710DF29D885A6BBBE8FF89754F004A1EF995D7251EB70D904CB92
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                • Opcode ID: f4aa925b06817e99e2de9518d12ed48e0ace8a2c7a1e23c599fc395186a9f057
                                                                                                • Instruction ID: 3c3107cd00ec1255a9ceb1af7c9b4b7c8edd96a7cc512fd6b6476f4c95472833
                                                                                                • Opcode Fuzzy Hash: f4aa925b06817e99e2de9518d12ed48e0ace8a2c7a1e23c599fc395186a9f057
                                                                                                • Instruction Fuzzy Hash: 6741273170011CBBDB256BBD8C45BFE3AA9FF81770F244625F729D21F2E67448815662
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 009662E2
                                                                                                • ScreenToClient.USER32(?,?), ref: 00966315
                                                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00966382
                                                                                                Similarity
                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                • String ID:
                                                                                                • API String ID: 3880355969-0
                                                                                                • Opcode ID: 5e2a39bc6c94d080bb681f380bfed3266fa1c57abffc25994214c3950dadff74
                                                                                                • Instruction ID: 8e5b34978aea85a3f12f3c57cb724cf3bc82065fe4d1583747fe9b8543e33664
                                                                                                • Opcode Fuzzy Hash: 5e2a39bc6c94d080bb681f380bfed3266fa1c57abffc25994214c3950dadff74
                                                                                                • Instruction Fuzzy Hash: 5F510B74A00209AFDF14DF58D880DAE7BB9FF85364F10825AF865972A0D770AD41DB90
                                                                                                APIs
                                                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00951AFD
                                                                                                • WSAGetLastError.WSOCK32 ref: 00951B0B
                                                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00951B8A
                                                                                                • WSAGetLastError.WSOCK32 ref: 00951B94
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$socket
                                                                                                • String ID:
                                                                                                • API String ID: 1881357543-0
                                                                                                • Opcode ID: 44b8d227ab97c8736045338221de399b14339bbb784923c69101fae1a28d1c6b
                                                                                                • Instruction ID: 8f06c8570dcf8de0c3f84c86b12d5d3d7195001b44624c5ddc0f3789ec064065
                                                                                                • Opcode Fuzzy Hash: 44b8d227ab97c8736045338221de399b14339bbb784923c69101fae1a28d1c6b
                                                                                                • Instruction Fuzzy Hash: 6F41C174600200AFE720EF29C886F2977E5EB44718F548549F95A9F3D2E7B2DD41CB91
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fe9309aed92f6179f199e66c71d009e7277d1fd7527c5e1e3a72a3c53bb3f325
                                                                                                • Instruction ID: 6e33ddff8b4a6f15e98404bab8bdebad6a5f25bd64f0cbbadbdd614de2e613b3
                                                                                                • Opcode Fuzzy Hash: fe9309aed92f6179f199e66c71d009e7277d1fd7527c5e1e3a72a3c53bb3f325
                                                                                                • Instruction Fuzzy Hash: 61410872A00308BFD7249F78CC41BAABBE9EF88710F10456AF245DB2D2D7719A418780
                                                                                                APIs
                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00945783
                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 009457A9
                                                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009457CE
                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009457FA
                                                                                                Similarity
                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                • String ID:
                                                                                                • API String ID: 3321077145-0
                                                                                                • Opcode ID: be1a06696ff6a9e3a7af4b3e104d4d821304847bea4fbe21e13e186fb700c249
                                                                                                • Instruction ID: 4fb385ab45c962d4562005c6b5035d7af1f80222797d0c5f7683d9838158dcca
                                                                                                • Opcode Fuzzy Hash: be1a06696ff6a9e3a7af4b3e104d4d821304847bea4fbe21e13e186fb700c249
                                                                                                • Instruction Fuzzy Hash: 11411A35600611DFCB11DF59C444A5ABBF6FF89720B198589EC4AAB362DB74FD00CB92
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,008F6D71,00000000,00000000,008F82D9,?,008F82D9,?,00000001,008F6D71,8BE85006,00000001,008F82D9,008F82D9), ref: 0090D910
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0090D999
                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0090D9AB
                                                                                                • __freea.LIBCMT ref: 0090D9B4
                                                                                                  • Part of subcall function 00903820: RtlAllocateHeap.NTDLL(00000000,?,009A1444,?,008EFDF5,?,?,008DA976,00000010,009A1440,008D13FC,?,008D13C6,?,008D1129), ref: 00903852
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                • String ID:
                                                                                                • API String ID: 2652629310-0
                                                                                                • Opcode ID: 7d2f6bb11bd32d392db1e147f2379eb7b7edbd1427329fa64088f1ace0285015
                                                                                                • Instruction ID: 3a9e078bd68d73241b604bc854e2cf680b3b3ff438a5791cea5c049a552b108d
                                                                                                • Opcode Fuzzy Hash: 7d2f6bb11bd32d392db1e147f2379eb7b7edbd1427329fa64088f1ace0285015
                                                                                                • Instruction Fuzzy Hash: BE31AD72A0220AAFDF259FA5DC41EBE7BA9EB41310B154169FC14D6290EB35CD90DBA0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00965352
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00965375
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00965382
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009653A8
                                                                                                Similarity
                                                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                • String ID:
                                                                                                • API String ID: 3340791633-0
                                                                                                • Opcode ID: 62f5d680c507325893731760864a7790ad7b6a1c5e9936a068ba4fad3896a3bd
                                                                                                • Instruction ID: 2d21707120450b0aa4b5ab814edb36a6db9f9826087e8a344cc481c307bed172
                                                                                                • Opcode Fuzzy Hash: 62f5d680c507325893731760864a7790ad7b6a1c5e9936a068ba4fad3896a3bd
                                                                                                • Instruction Fuzzy Hash: D431E134A59A08EFEF349E14CC06FE83769AB05BD0F594102FA51963E0C7F49D80EB82
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0093ABF1
                                                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 0093AC0D
                                                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 0093AC74
                                                                                                • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0093ACC6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                • String ID:
                                                                                                • API String ID: 432972143-0
                                                                                                • Opcode ID: 4c57dc2d34982118e679595420dafc0b42e326c09bef443b09384fdce111084b
                                                                                                • Instruction ID: 15602e73be1afd5f9061de04e9a81f834eb04bd342fa24ff95a2d8560d2c3733
                                                                                                • Opcode Fuzzy Hash: 4c57dc2d34982118e679595420dafc0b42e326c09bef443b09384fdce111084b
                                                                                                • Instruction Fuzzy Hash: DD312670A043186FEF35CB65CC087FA7BA9AB89310F08671AE4C5921D1C3798D819F52
                                                                                                APIs
                                                                                                • ClientToScreen.USER32(?,?), ref: 0096769A
                                                                                                • GetWindowRect.USER32(?,?), ref: 00967710
                                                                                                • PtInRect.USER32(?,?,00968B89), ref: 00967720
                                                                                                • MessageBeep.USER32(00000000), ref: 0096778C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1352109105-0
                                                                                                • Opcode ID: 3266892788dfeee78ef741a3eb39e08e33b5c70db29753450a49d191a3472638
                                                                                                • Instruction ID: 2abdce63d01d6ebb737a552f75698e351842d19d22fdeece2acde9aecea755c6
                                                                                                • Opcode Fuzzy Hash: 3266892788dfeee78ef741a3eb39e08e33b5c70db29753450a49d191a3472638
                                                                                                • Instruction Fuzzy Hash: FB419C38A09215DFDB01CF98D894EA9B7F9FF89318F1980A9E815DB261D730E941DF90
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32 ref: 009616EB
                                                                                                  • Part of subcall function 00933A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00933A57
                                                                                                  • Part of subcall function 00933A3D: GetCurrentThreadId.KERNEL32 ref: 00933A5E
                                                                                                  • Part of subcall function 00933A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009325B3), ref: 00933A65
                                                                                                • GetCaretPos.USER32(?), ref: 009616FF
                                                                                                • ClientToScreen.USER32(00000000,?), ref: 0096174C
                                                                                                • GetForegroundWindow.USER32 ref: 00961752
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                • String ID:
                                                                                                • API String ID: 2759813231-0
                                                                                                • Opcode ID: 563d0ebbbe24e2b710f915afbaa60243349320ee301b253855d2754a7e5a179a
                                                                                                • Instruction ID: d8e707849e09fbbeea7a166813361e0b74a4830f759509417e4b162a923898ae
                                                                                                • Opcode Fuzzy Hash: 563d0ebbbe24e2b710f915afbaa60243349320ee301b253855d2754a7e5a179a
                                                                                                • Instruction Fuzzy Hash: 22313071D00149AFC700DFAAC881DAEB7FDFF88304B5480AAE455E7311EA719E45CBA1
                                                                                                APIs
                                                                                                  • Part of subcall function 008D7620: _wcslen.LIBCMT ref: 008D7625
                                                                                                • _wcslen.LIBCMT ref: 0093DFCB
                                                                                                • _wcslen.LIBCMT ref: 0093DFE2
                                                                                                • _wcslen.LIBCMT ref: 0093E00D
                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0093E018
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                                                • String ID:
                                                                                                • API String ID: 3763101759-0
                                                                                                • Opcode ID: 869fe795ecf3378d073a6b52764f858c2dbb2d778939a8039a2759e352fdc663
                                                                                                • Instruction ID: 0a7337a57406c75b4c23aeb91f3c8c1015a94989bdedd4b1bb0a9556d946d09d
                                                                                                • Opcode Fuzzy Hash: 869fe795ecf3378d073a6b52764f858c2dbb2d778939a8039a2759e352fdc663
                                                                                                • Instruction Fuzzy Hash: D0218371A00214EFCB149FA8D981B7EBBF8FF45750F144065E905FB285D6709E418BA2
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008E9BB2
                                                                                                • GetCursorPos.USER32(?), ref: 00969001
                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00927711,?,?,?,?,?), ref: 00969016
                                                                                                • GetCursorPos.USER32(?), ref: 0096905E
                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00927711,?,?,?), ref: 00969094
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2864067406-0
                                                                                                • Opcode ID: b5ab420c9e92654dbd838432207658632ec7c6b44d06bec01f1185fea3129deb
                                                                                                • Instruction ID: 2338892b85e63d76a69523ea0536111649f4ebdaaad513ccc17ee4d4513f6f8b
                                                                                                • Opcode Fuzzy Hash: b5ab420c9e92654dbd838432207658632ec7c6b44d06bec01f1185fea3129deb
                                                                                                • Instruction Fuzzy Hash: 4421BF35616018EFCF258F98CC58EFA3BBDEF8A360F004059F90587261C3719990EBA0
                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNEL32(?,0096CB68), ref: 0093D2FB
                                                                                                • GetLastError.KERNEL32 ref: 0093D30A
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 0093D319
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0096CB68), ref: 0093D376
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                • String ID:
                                                                                                • API String ID: 2267087916-0
                                                                                                • Opcode ID: 36a68ed59fdcc5bb344882ec830d4e769691417a27677b615a89391f0624bdbb
                                                                                                • Instruction ID: 2c49ecde61cdde10034974ee7f2855529df6cab6a2927288cc6f9fcb93261e36
                                                                                                • Opcode Fuzzy Hash: 36a68ed59fdcc5bb344882ec830d4e769691417a27677b615a89391f0624bdbb
                                                                                                • Instruction Fuzzy Hash: 9321A17050A2019F8300DF28E89196A77E8FE96768F104A1EF4A9C32A1D731DE49CF93
                                                                                                APIs
                                                                                                  • Part of subcall function 00931014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0093102A
                                                                                                  • Part of subcall function 00931014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00931036
                                                                                                  • Part of subcall function 00931014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00931045
                                                                                                  • Part of subcall function 00931014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0093104C
                                                                                                  • Part of subcall function 00931014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00931062
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 009315BE
                                                                                                • _memcmp.LIBVCRUNTIME ref: 009315E1
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00931617
                                                                                                • HeapFree.KERNEL32(00000000), ref: 0093161E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 1592001646-0
                                                                                                • Opcode ID: 6a400a3289c2d8053e2e0f968407897c54b22b8cbc05a796d0c509d949514a20
                                                                                                • Instruction ID: 549f0a4e2a736f04af4da16aadad1b0b6212f3ed171ffafbdafe8514593f631e
                                                                                                • Opcode Fuzzy Hash: 6a400a3289c2d8053e2e0f968407897c54b22b8cbc05a796d0c509d949514a20
                                                                                                • Instruction Fuzzy Hash: EF21AF71E00109EFDF04DFA5C945BEEB7B8EF44344F094469E441AB251E770AA05DFA0
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0096280A
                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00962824
                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00962832
                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00962840
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                • String ID:
                                                                                                • API String ID: 2169480361-0
                                                                                                • Opcode ID: 4edf052709386c7da040e2fd1290146795d917ccb7c3830714b7aac713a8488d
                                                                                                • Instruction ID: e6a6c8db10900f7c2345ccd7624011b10fc4ff4f42c8740add994d4bb9494115
                                                                                                • Opcode Fuzzy Hash: 4edf052709386c7da040e2fd1290146795d917ccb7c3830714b7aac713a8488d
                                                                                                • Instruction Fuzzy Hash: 7921C431209911AFD7149B24CC44FAA7799EF85324F148259F456CB6E2C7B5FC42C7D1
                                                                                                APIs
                                                                                                  • Part of subcall function 00938D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0093790A,?,000000FF,?,00938754,00000000,?,0000001C,?,?), ref: 00938D8C
                                                                                                  • Part of subcall function 00938D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00938DB2
                                                                                                  • Part of subcall function 00938D7D: lstrcmpiW.KERNEL32(00000000,?,0093790A,?,000000FF,?,00938754,00000000,?,0000001C,?,?), ref: 00938DE3
                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00938754,00000000,?,0000001C,?,?,00000000), ref: 00937923
                                                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 00937949
                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00938754,00000000,?,0000001C,?,?,00000000), ref: 00937984
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                • String ID: cdecl
                                                                                                • API String ID: 4031866154-3896280584
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00967D0B
                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00967D2A
                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00967D42
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0094B7AD,00000000), ref: 00967D6B
                                                                                                  • Part of subcall function 008E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008E9BB2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long
                                                                                                • String ID:
                                                                                                • API String ID: 847901565-0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 009656BB
                                                                                                • _wcslen.LIBCMT ref: 009656CD
                                                                                                • _wcslen.LIBCMT ref: 009656D8
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00965816
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 455545452-0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00931A47
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00931A59
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00931A6F
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00931A8A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0093E1FD
                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 0093E230
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0093E246
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0093E24D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                • String ID:
                                                                                                • API String ID: 2880819207-0
                                                                                                APIs
                                                                                                • CreateThread.KERNEL32(00000000,?,008FCFF9,00000000,00000004,00000000), ref: 008FD218
                                                                                                • GetLastError.KERNEL32 ref: 008FD224
                                                                                                • __dosmaperr.LIBCMT ref: 008FD22B
                                                                                                • ResumeThread.KERNEL32(00000000), ref: 008FD249
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                • String ID:
                                                                                                • API String ID: 173952441-0
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008E9BB2
                                                                                                • GetClientRect.USER32(?,?), ref: 00969F31
                                                                                                • GetCursorPos.USER32(?), ref: 00969F3B
                                                                                                • ScreenToClient.USER32(?,?), ref: 00969F46
                                                                                                • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00969F7A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                • String ID:
                                                                                                • API String ID: 4127811313-0
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008D604C
                                                                                                • GetStockObject.GDI32(00000011), ref: 008D6060
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 008D606A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3970641297-0
                                                                                                APIs
                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 008F3B56
                                                                                                  • Part of subcall function 008F3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 008F3AD2
                                                                                                  • Part of subcall function 008F3AA3: ___AdjustPointer.LIBCMT ref: 008F3AED
                                                                                                • _UnwindNestedFrames.LIBCMT ref: 008F3B6B
                                                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 008F3B7C
                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 008F3BA4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                • String ID:
                                                                                                • API String ID: 737400349-0
                                                                                                • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                • Instruction ID: 94136f11f7e067d49ca76d5566a76f1e753df43098f9ddf738e6fddbfc0aab0d
                                                                                                • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                • Instruction Fuzzy Hash: D601D73210014DBBDF125EA9CC46EFB7B69FF98764F044015FE48A6121D632E9619BA1
                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008D13C6,00000000,00000000,?,0090301A,008D13C6,00000000,00000000,00000000,?,0090328B,00000006,FlsSetValue), ref: 009030A5
                                                                                                • GetLastError.KERNEL32(?,0090301A,008D13C6,00000000,00000000,00000000,?,0090328B,00000006,FlsSetValue,00972290,FlsSetValue,00000000,00000364,?,00902E46), ref: 009030B1
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0090301A,008D13C6,00000000,00000000,00000000,?,0090328B,00000006,FlsSetValue,00972290,FlsSetValue,00000000), ref: 009030BF
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 3177248105-0
                                                                                                • Opcode ID: 3051204e3d29251f194b512f47a81f39218b74c49900d728789156ad21526be7
                                                                                                • Instruction ID: 724078ea81ae4dc9f3d903aaf71e91e1d4c5c596dbc7034cfbd498593c84c3a8
                                                                                                • Opcode Fuzzy Hash: 3051204e3d29251f194b512f47a81f39218b74c49900d728789156ad21526be7
                                                                                                • Instruction Fuzzy Hash: 86012B7232B222EFCB314B799C44A677BACAF45B61B118624F955E31C0D721D901C6E0
                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0093747F
                                                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00937497
                                                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 009374AC
                                                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 009374CA
                                                                                                Similarity
                                                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                • String ID:
                                                                                                • API String ID: 1352324309-0
                                                                                                • Opcode ID: 72661eee2bbf7aacc9730cd7991083515b133426fd90030d2eeca1a23fa82454
                                                                                                • Instruction ID: a9f3492e8a98036cae674199ed26d43b84adc291ce62bef20f808e28769f2750
                                                                                                • Opcode Fuzzy Hash: 72661eee2bbf7aacc9730cd7991083515b133426fd90030d2eeca1a23fa82454
                                                                                                • Instruction Fuzzy Hash: 96113CF52093159BE7308F94EC0DBA2BBFDEB00B04F108969A656D6561D7B4F904DF50
                                                                                                APIs
                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0093ACD3,?,00008000), ref: 0093B0C4
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0093ACD3,?,00008000), ref: 0093B0E9
                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0093ACD3,?,00008000), ref: 0093B0F3
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0093ACD3,?,00008000), ref: 0093B126
                                                                                                Similarity
                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                • String ID:
                                                                                                • API String ID: 2875609808-0
                                                                                                • Opcode ID: 39ed3dced065d1adc1d0f8402c3287995740c74a29444e99af517bb31f36b853
                                                                                                • Instruction ID: 9c7731879a1826c315ea1b7ae6dcf74b0e2c60f33ea1d483212630f2e7ce65e5
                                                                                                • Opcode Fuzzy Hash: 39ed3dced065d1adc1d0f8402c3287995740c74a29444e99af517bb31f36b853
                                                                                                • Instruction Fuzzy Hash: 8911A170C0851CDBCF04AFE4D9586FEBB78FF0A310F014089EA81B6145CB7045509F51
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 00967E33
                                                                                                • ScreenToClient.USER32(?,?), ref: 00967E4B
                                                                                                • ScreenToClient.USER32(?,?), ref: 00967E6F
                                                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00967E8A
                                                                                                Similarity
                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                • String ID:
                                                                                                • API String ID: 357397906-0
                                                                                                • Opcode ID: ec9533e5dd92f3ffefc4c267a49a0086716e8591f5ddd8d7d2428e7c8fb6ea3d
                                                                                                • Instruction ID: fd5b784f71fa9bc7a04ef288da0fc17b496ef51e09ee25c6b7e64f76f714a9ce
                                                                                                • Opcode Fuzzy Hash: ec9533e5dd92f3ffefc4c267a49a0086716e8591f5ddd8d7d2428e7c8fb6ea3d
                                                                                                • Instruction Fuzzy Hash: 0B1183B9D1420AAFDB41CF98C884AEEBBF9FF08310F508066E951E3210D775AA54DF90
                                                                                                APIs
                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00932DC5
                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00932DD6
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00932DDD
                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00932DE4
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2710830443-0
                                                                                                • Opcode ID: 6b7f7d98ca70f79678a4d44a1b3ed714f0c3928d67a61733cc758314798f9149
                                                                                                • Instruction ID: d6101b785decf7ea0dbc7d0a43272c0b4177537abb2ae8f188151f432ab25d67
                                                                                                • Opcode Fuzzy Hash: 6b7f7d98ca70f79678a4d44a1b3ed714f0c3928d67a61733cc758314798f9149
                                                                                                • Instruction Fuzzy Hash: C4E06DB11192247ADB202B62DC0DFFB7E6CEF42BA1F000019F106D10809AE58840DAB0
                                                                                                APIs
                                                                                                  • Part of subcall function 008E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008E9693
                                                                                                  • Part of subcall function 008E9639: SelectObject.GDI32(?,00000000), ref: 008E96A2
                                                                                                  • Part of subcall function 008E9639: BeginPath.GDI32(?), ref: 008E96B9
                                                                                                  • Part of subcall function 008E9639: SelectObject.GDI32(?,00000000), ref: 008E96E2
                                                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00968887
                                                                                                • LineTo.GDI32(?,?,?), ref: 00968894
                                                                                                • EndPath.GDI32(?), ref: 009688A4
                                                                                                • StrokePath.GDI32(?), ref: 009688B2
                                                                                                Similarity
                                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                • String ID:
                                                                                                • API String ID: 1539411459-0
                                                                                                • Opcode ID: de75ad3622ca2ed9fd5e672ace93d8cbb357011c5836329dff42dfde93df88e8
                                                                                                • Instruction ID: ec007f40b10b1a840e5a73f6ed4c4a5e7bec9487d176689e823878836a5f14f9
                                                                                                • Opcode Fuzzy Hash: de75ad3622ca2ed9fd5e672ace93d8cbb357011c5836329dff42dfde93df88e8
                                                                                                • Instruction Fuzzy Hash: B8F0BE36019258FADF126F94AC09FDE3F19AF0A310F408104FA61610E1C7B40510EFE5
                                                                                                APIs
                                                                                                • GetSysColor.USER32(00000008), ref: 008E98CC
                                                                                                • SetTextColor.GDI32(?,?), ref: 008E98D6
                                                                                                • SetBkMode.GDI32(?,00000001), ref: 008E98E9
                                                                                                • GetStockObject.GDI32(00000005), ref: 008E98F1
                                                                                                Similarity
                                                                                                • API ID: Color$ModeObjectStockText
                                                                                                • String ID:
                                                                                                • API String ID: 4037423528-0
                                                                                                • Opcode ID: f81fe926a513782abaff6b0c3b798d589405759efa2ca9ace0b085206fb66d74
                                                                                                • Instruction ID: 5d29d4e9f0716dbaeb6639b6e80c3961483e0f13bd5232cb693d5ab2bf7c5c63
                                                                                                • Opcode Fuzzy Hash: f81fe926a513782abaff6b0c3b798d589405759efa2ca9ace0b085206fb66d74
                                                                                                • Instruction Fuzzy Hash: A9E06D7125C280AADB216B74BC09BF97F21EB13336F04821EF6FA980E5C3B14650AB11
                                                                                                APIs
                                                                                                • GetCurrentThread.KERNEL32 ref: 00931634
                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,009311D9), ref: 0093163B
                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,009311D9), ref: 00931648
                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,009311D9), ref: 0093164F
                                                                                                Similarity
                                                                                                • API ID: CurrentOpenProcessThreadToken
                                                                                                • String ID:
                                                                                                • API String ID: 3974789173-0
                                                                                                • Opcode ID: 2359d7fa408e2beded46b53f4a213d8cd2606466e716b2c917762515c754604d
                                                                                                • Instruction ID: 28b87fd41d365b20cb60d8f0cf5ac21db9f3ded73490219b407933e7ed516f7b
                                                                                                • Opcode Fuzzy Hash: 2359d7fa408e2beded46b53f4a213d8cd2606466e716b2c917762515c754604d
                                                                                                • Instruction Fuzzy Hash: F3E086B1615211EBDB201FE19E0DB663B7CAF44795F14480CF685D9090D7B48440DB50
                                                                                                APIs
                                                                                                • GetDesktopWindow.USER32 ref: 0092D858
                                                                                                • GetDC.USER32(00000000), ref: 0092D862
                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0092D882
                                                                                                • ReleaseDC.USER32(?), ref: 0092D8A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2889604237-0
                                                                                                • Opcode ID: d52b72cc2cbfdb33065c40967b3b29c8b3849142e3cd8983ef6b8f225873447d
                                                                                                • Instruction ID: df57e742f2c3626e9e725877bdd677ef7be38d5745461a70be25346f3f5ad50c
                                                                                                • Opcode Fuzzy Hash: d52b72cc2cbfdb33065c40967b3b29c8b3849142e3cd8983ef6b8f225873447d
                                                                                                • Instruction Fuzzy Hash: B5E01AB581420ADFCF419FA1D80C67DBBB1FB08310F149409F88AE7250CBB85901AF44
                                                                                                APIs
                                                                                                • GetDesktopWindow.USER32 ref: 0092D86C
                                                                                                • GetDC.USER32(00000000), ref: 0092D876
                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0092D882
                                                                                                • ReleaseDC.USER32(?), ref: 0092D8A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2889604237-0
                                                                                                • Opcode ID: 5b415843672baddbf564d71279fc7ec6f2713a2fbfbeae6d87aa4a02c31c9fd7
                                                                                                • Instruction ID: 92fbdbdd0037bc5e2799e40f3174467458d79f36ac0631d613060665a2e26e9c
                                                                                                • Opcode Fuzzy Hash: 5b415843672baddbf564d71279fc7ec6f2713a2fbfbeae6d87aa4a02c31c9fd7
                                                                                                • Instruction Fuzzy Hash: 61E01AB0814205DFCF409FA1D80C66DBBB1FB08310B149009F88AE7250CBB85901AF44
                                                                                                APIs
                                                                                                  • Part of subcall function 008D7620: _wcslen.LIBCMT ref: 008D7625
                                                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00944ED4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Connection_wcslen
                                                                                                • String ID: *$LPT
                                                                                                • API String ID: 1725874428-3443410124
                                                                                                • Opcode ID: 1c738621e60edb33804a9bd4e0f7ee87d24b328ccb4b4cebc34fa3a73dbdb25d
                                                                                                • Instruction ID: 2d6ce9450b9ac822f29d52c82c375111961e4eb0cf5afbeafa2136b64d2d286d
                                                                                                • Opcode Fuzzy Hash: 1c738621e60edb33804a9bd4e0f7ee87d24b328ccb4b4cebc34fa3a73dbdb25d
                                                                                                • Instruction Fuzzy Hash: FF914C75A002049FDB14DF58C484EAABBF5FF48304F198099E84A9F3A2D775EE85CB91
                                                                                                APIs
                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 008FE30D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorHandling__start
                                                                                                • String ID: pow
                                                                                                • API String ID: 3213639722-2276729525
                                                                                                • Opcode ID: b1267b2dd250481d8401eca51a85c7f4e09419aad35ea25ab6dc7d69f1a1e3e1
                                                                                                • Instruction ID: da213317bfe7f67bfb28225a3c70b68c61629928ee4c675b565b05515cea8893
                                                                                                • Opcode Fuzzy Hash: b1267b2dd250481d8401eca51a85c7f4e09419aad35ea25ab6dc7d69f1a1e3e1
                                                                                                • Instruction Fuzzy Hash: F3515B61E1D20A9ACB157774C905379ABA8FF40760F304D68E1D5C23F9EB349CD1AA46
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: #
                                                                                                • API String ID: 0-1885708031
                                                                                                • Opcode ID: 216c00e46d00ce8228f9c31f620943480abe1252fcb0505ae306522807deaedc
                                                                                                • Instruction ID: 9b131215c53507d219978cc5be16ea27e6b5ba5013ff0761c44befb73ebab471
                                                                                                • Opcode Fuzzy Hash: 216c00e46d00ce8228f9c31f620943480abe1252fcb0505ae306522807deaedc
                                                                                                • Instruction Fuzzy Hash: CE514335604296DFDB15DF68D081ABA7BACFF16310F248059F891DB2C4D7349D42CBA1
                                                                                                APIs
                                                                                                • Sleep.KERNEL32(00000000), ref: 008EF2A2
                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 008EF2BB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                • String ID: @
                                                                                                • API String ID: 2783356886-2766056989
                                                                                                • Opcode ID: dbe78d17e36682ace48bddfc92d4dcf00cb1f6c04ae43fbc8be6a3bc7cd7b9cc
                                                                                                • Instruction ID: 8637a43b16711dd2f24d88159bdadf1f43e0d05bea4c50b272221d92b7099acc
                                                                                                • Opcode Fuzzy Hash: dbe78d17e36682ace48bddfc92d4dcf00cb1f6c04ae43fbc8be6a3bc7cd7b9cc
                                                                                                • Instruction Fuzzy Hash: 2F51497241C7459BD320AF15DC86BABB7F8FB84300F81895DF2D981295EB708929CB67
                                                                                                APIs
                                                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009557E0
                                                                                                • _wcslen.LIBCMT ref: 009557EC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: BuffCharUpper_wcslen
                                                                                                • String ID: CALLARGARRAY
                                                                                                • API String ID: 157775604-1150593374
                                                                                                • Opcode ID: 441168c1b6306bd523961721c011c9fcc951ad76a13019c9a5a6367ccdc77685
                                                                                                • Instruction ID: 1e7c5ea1f3009211144d19adea08316b205aa9092addf6c249eb5fb0e5465d16
                                                                                                • Opcode Fuzzy Hash: 441168c1b6306bd523961721c011c9fcc951ad76a13019c9a5a6367ccdc77685
                                                                                                • Instruction Fuzzy Hash: 0B41D171E002099FCB14DFAAC8919BEBBF9FF59325F114029E905E7262E7709D85CB90
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 0094D130
                                                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0094D13A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CrackInternet_wcslen
                                                                                                • String ID: |
                                                                                                • API String ID: 596671847-2343686810
                                                                                                • Opcode ID: 6b3557b9f4d4408bfc8f01770dce00fc5be71e872c959496bc808d141772c70b
                                                                                                • Instruction ID: 702eb108dc0dc9ec82d5d2b1e4cd6e15f1e88e3af0b6bf4fdc75c4408b3094c3
                                                                                                • Opcode Fuzzy Hash: 6b3557b9f4d4408bfc8f01770dce00fc5be71e872c959496bc808d141772c70b
                                                                                                • Instruction Fuzzy Hash: D4312C75D01219ABCF15EFA4CC85EEE7FB9FF08300F10011AF915A6261E731AA16DB51
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00963621
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0096365C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$DestroyMove
                                                                                                • String ID: static
                                                                                                • API String ID: 2139405536-2160076837
                                                                                                • Opcode ID: 5fae251dae3a1b613c314ed20e91ce5e649f1278cb11a237eb13c35aeccb59f3
                                                                                                • Instruction ID: c5455907e0871dd3fad39e565ad9fc69f65f6d22cccd1df74294f903248e4217
                                                                                                • Opcode Fuzzy Hash: 5fae251dae3a1b613c314ed20e91ce5e649f1278cb11a237eb13c35aeccb59f3
                                                                                                • Instruction Fuzzy Hash: FE318B71110604AADB109F68DC81EFB73ADFF88764F00D61AF9A9D7290DA70AD91DB60
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0096461F
                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00964634
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: '
                                                                                                • API String ID: 3850602802-1997036262
                                                                                                • Opcode ID: 30f0111151b7765f3e1b04a7f774018a95ff1f2dbe2c72c9de466ec2fd4672ea
                                                                                                • Instruction ID: fd9fc0e9627a90b4608ac7038f231d97dbb930264df50229e94a13d48a106cd2
                                                                                                • Opcode Fuzzy Hash: 30f0111151b7765f3e1b04a7f774018a95ff1f2dbe2c72c9de466ec2fd4672ea
                                                                                                • Instruction Fuzzy Hash: 13312A74A0130A9FDF14CFA9C990BDA7BB9FF49300F14406AE905AB351D770A941CF90
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0096327C
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00963287
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: Combobox
                                                                                                • API String ID: 3850602802-2096851135
                                                                                                • Opcode ID: 8f96b84f58f4f14eea1118affd7861c53635dfe17f74b39cd065d53bb8f03da7
                                                                                                • Instruction ID: 4209e9450b1bde3fc7eec9305d8b97c9fbce1fbeba4c0d4b8878e41606bdf23b
                                                                                                • Opcode Fuzzy Hash: 8f96b84f58f4f14eea1118affd7861c53635dfe17f74b39cd065d53bb8f03da7
                                                                                                • Instruction Fuzzy Hash: 091104713042087FFF219F98DC90EBB37AEEB943A4F108228F928972D0D6719D519760
                                                                                                APIs
                                                                                                  • Part of subcall function 008D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008D604C
                                                                                                  • Part of subcall function 008D600E: GetStockObject.GDI32(00000011), ref: 008D6060
                                                                                                  • Part of subcall function 008D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 008D606A
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0096377A
                                                                                                • GetSysColor.USER32(00000012), ref: 00963794
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                • String ID: static
                                                                                                • API String ID: 1983116058-2160076837
                                                                                                • Opcode ID: 2a91bbb4a382cf9a58befdf0f8cd7852ad5cd69e669edae89f5cc3d2f26b5d40
                                                                                                • Instruction ID: 98fd059e37ef3d77668aa7d4d67c27b98097e66b8f7147c70be9ec9a5c6389d5
                                                                                                • Opcode Fuzzy Hash: 2a91bbb4a382cf9a58befdf0f8cd7852ad5cd69e669edae89f5cc3d2f26b5d40
                                                                                                • Instruction Fuzzy Hash: 2D1129B2610209AFDB00DFA8CC45EFA7BB8FB09354F004915F956E2250E775E8519B50
                                                                                                APIs
                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0094CD7D
                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0094CDA6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Internet$OpenOption
                                                                                                • String ID: <local>
                                                                                                • API String ID: 942729171-4266983199
                                                                                                • Opcode ID: ac1b914936715181688ee4a993f5657e2a8290ac17597433bbcc37a047e30646
                                                                                                • Instruction ID: 4f06705bff4614185d2d79f3b3e2ccda37069c63ea1eeef1f10a98b783c1b970
                                                                                                • Opcode Fuzzy Hash: ac1b914936715181688ee4a993f5657e2a8290ac17597433bbcc37a047e30646
                                                                                                • Instruction Fuzzy Hash: 741102F1A06631BED7784B668C48EF7BEACEF127A4F00422AB109830C0D3749840D6F0
                                                                                                APIs
                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 009634AB
                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009634BA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                • String ID: edit
                                                                                                • API String ID: 2978978980-2167791130
                                                                                                • Opcode ID: 04da8c0e937c8f0c9636ea2f63882789d71021a815c8811440cdee7aaa58094d
                                                                                                • Instruction ID: ced0f48eba0ad372e345a26c54918acc9dfdd3496d10f15ef5a6eff991f0d424
                                                                                                • Opcode Fuzzy Hash: 04da8c0e937c8f0c9636ea2f63882789d71021a815c8811440cdee7aaa58094d
                                                                                                • Instruction Fuzzy Hash: B0118C71114208ABEB128F68DC84ABB776EEF45378F508724FA61931E0CB75DC91AB60
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                • CharUpperBuffW.USER32(?,?,?), ref: 00936CB6
                                                                                                • _wcslen.LIBCMT ref: 00936CC2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: STOP
                                                                                                • API String ID: 1256254125-2411985666
                                                                                                • Opcode ID: 68bd7aa032d0e898821fc39bc7f5b600f0e72a9a4411bb34412f76b3811aa479
                                                                                                • Instruction ID: e8c2c2e100dc830b310361b6b148ee68886232a7d02fb8c76ce95cd2e39922c6
                                                                                                • Opcode Fuzzy Hash: 68bd7aa032d0e898821fc39bc7f5b600f0e72a9a4411bb34412f76b3811aa479
                                                                                                • Instruction Fuzzy Hash: B3010432610526AACB20AFBDDC809BF77B8FB60714F104929E9A2D6291EB31D900CB50
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 00933CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00933CCA
                                                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00931D4C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: c0ee7bfa62dbcc182345270402f1f6478f8561060fc063dbd5434ed42ebf1ffa
                                                                                                • Instruction ID: 773a30c98b505a9699b5eee37907978aa36895949010498e4f68e14de853f327
                                                                                                • Opcode Fuzzy Hash: c0ee7bfa62dbcc182345270402f1f6478f8561060fc063dbd5434ed42ebf1ffa
                                                                                                • Instruction Fuzzy Hash: CC01D871651214AB8B08EBA8DC51DFF7368FB57350F040A1AF8B2973D1EA3059089B61
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 00933CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00933CCA
                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00931C46
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: a1321b9c1ba1e16356f9d4d5ca36299f6874e1894428f037c58798c31f020dd6
                                                                                                • Instruction ID: eb6b74475bcdb9b0a64c3c554737c3804ef4f0a6d814e2e8895f847ff594550a
                                                                                                • Opcode Fuzzy Hash: a1321b9c1ba1e16356f9d4d5ca36299f6874e1894428f037c58798c31f020dd6
                                                                                                • Instruction Fuzzy Hash: B601F77178010467CF04EBA5C952AFF73ACEB51340F10102AF886A3291EA249F08DBB2
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 00933CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00933CCA
                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00931CC8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: 4d9d9e70af23e9a64f014d7c48ceb769f3e209d5ba31196921a95e7e7041b77b
                                                                                                • Instruction ID: 188ce330145aa4db7db6b5c15a5b2946170178f008edd64085f0ceb0b96920cc
                                                                                                • Opcode Fuzzy Hash: 4d9d9e70af23e9a64f014d7c48ceb769f3e209d5ba31196921a95e7e7041b77b
                                                                                                • Instruction Fuzzy Hash: 3E01D6B578011867CF04EBA8CA01AFF73ACAB11340F141016F882B3291EA609F08DA72
                                                                                                APIs
                                                                                                  • Part of subcall function 008D9CB3: _wcslen.LIBCMT ref: 008D9CBD
                                                                                                  • Part of subcall function 00933CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00933CCA
                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00931DD3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: 3, 3, 16, 1
                                                                                                • API String ID: 176396367-3042988571
                                                                                                APIs
                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00930B23
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message
                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                • API String ID: 2030045667-4017498283
                                                                                                APIs
                                                                                                  • Part of subcall function 008EF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,008F0D71,?,?,?,008D100A), ref: 008EF7CE
                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,008D100A), ref: 008F0D75
                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,008D100A), ref: 008F0D84
                                                                                                Strings
                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008F0D7F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                • API String ID: 55579361-631824599
                                                                                                APIs
                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0094302F
                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00943044
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Temp$FileNamePath
                                                                                                • String ID: aut
                                                                                                • API String ID: 3285503233-3010740371
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LocalTime
                                                                                                • String ID: %.3d$X64
                                                                                                • API String ID: 481472006-1077770165
                                                                                                APIs
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0096232C
                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0096233F
                                                                                                  • Part of subcall function 0093E97B: Sleep.KERNEL32 ref: 0093E9F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 529655941-2988720461
                                                                                                APIs
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0096236C
                                                                                                • PostMessageW.USER32(00000000), ref: 00962373
                                                                                                  • Part of subcall function 0093E97B: Sleep.KERNEL32 ref: 0093E9F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 529655941-2988720461
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0090BE93
                                                                                                • GetLastError.KERNEL32 ref: 0090BEA1
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0090BEFC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1648814847.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1648795595.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.000000000096C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1648885839.0000000000992000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649023172.000000000099C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1649081034.00000000009A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 1717984340-0

                                                                                                Execution Graph

                                                                                                Execution Coverage:0.4%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:100%
                                                                                                Total number of Nodes:6
                                                                                                Total number of Limit Nodes:0
                                                                                                execution_graph 5009 1d9a7256032 5010 1d9a7256089 NtQuerySystemInformation 5009->5010 5011 1d9a7254404 5009->5011 5010->5011 5006 1d9a7239c37 5007 1d9a7239c47 NtQuerySystemInformation 5006->5007 5008 1d9a7239be4 5007->5008

                                                                                                Callgraph

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.2913318811.000001D9A7253000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001D9A7253000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_1d9a7253000_firefox.jbxd
                                                                                                Similarity
                                                                                                • API ID: InformationQuerySystem
                                                                                                • String ID: #$#$#$4$>$>$>$A$z$z
                                                                                                • API String ID: 3562636166-3072146587