Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1505326
MD5: 33c800ae059656e1c13d9bbbf80c9865
SHA1: 18528819cdf8189263a347dd76a9da563e467ca3
SHA256: 6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054
Tags: exe
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 428 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 33C800AE059656E1C13D9BBBF80C9865)
    • msedge.exe (PID: 5968 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7296 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1992,i,12574565550007719994,15380727788805795962,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 2676 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7216 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7308 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8452 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2340 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1277e188-7dee-4079-b382-4169d11bcab3} 7308 "\\.\pipe\gecko-crash-server-pipe.7308" 1da02870510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7240 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3916 -parentBuildID 20230927232528 -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e839537a-5e7e-4d2d-9112-3fc62bbeb606} 7308 "\\.\pipe\gecko-crash-server-pipe.7308" 1da02843a10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7368 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2460 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8580 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6428 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8608 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6656 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 8960 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6932 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 8980 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6932 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 2232 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7208 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 6232 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2036,i,17134127534699743552,13203090147020171696,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8196 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9028 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1996,i,5599362805012294974,11427720567035323471,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, ReversingLabs: Detection: 26%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000006.00000003.2092921051.000001DA13400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082000566.000001DA130C8000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000006.00000003.2092921051.000001DA13400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082000566.000001DA130C8000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_003DDBBE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003E68EE FindFirstFileW,FindClose,0_2_003E68EE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_003E698F
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003DD076
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003DD3A9
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003E9642
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003E979D
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_003E9B2B
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_003E5C97
Source: firefox.exe, Memory has grown: Private usage: 1MB later: 94MB
Source: global traffic, TCP traffic: 192.168.2.4:49754 -> 1.1.1.1:53
Source: Joe Sandbox View, IP Address: 23.200.0.42 23.200.0.42
Source: Joe Sandbox View, IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View, IP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003ECE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_003ECE44
Source: firefox.exe, 00000006.00000003.2044902615.000001DA0F67D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2044902615.000001DA0F67D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: global traffic
DNS traffic detected: DNS query: bzib.nelreports.net
DNS traffic detected: DNS query: clients2.googleusercontent.com
DNS traffic detected: DNS query: chrome.cloudflare-dns.com
DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
DNS traffic detected: DNS query: detectportal.firefox.com
DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
DNS traffic detected: DNS query: example.org
DNS traffic detected: DNS query: ipv4only.arpa
DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
DNS traffic detected: DNS query: services.addons.mozilla.org
DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknown
HTTP traffic detected:
POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
Source: Reporting and NEL.7.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: f2d6a50e-7201-4d2f-99d0-6e72ae0d2559.tmp.8.dr, Network Persistent State0.7.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json.7.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.7.drString found in binary or memory: https://chromewebstore.google.com/
Source: 3cbf1481-57c8-4850-9848-72ef0a7a7d24.tmp.8.dr, f106487f-daab-4e33-a6ff-a9523285b476.tmp.8.drString found in binary or memory: https://clients2.google.com
Source: manifest.json0.7.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 3cbf1481-57c8-4850-9848-72ef0a7a7d24.tmp.8.dr, f106487f-daab-4e33-a6ff-a9523285b476.tmp.8.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000006.00000003.1724369199.000001DA12141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1725701138.000001DA1216C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723167410.000001DA11F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723462791.000001DA12117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1724920389.000001DA12157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723762649.000001DA1212C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1725957592.000001DA12181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000006.00000003.1873158778.000001DA0DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2924748687.000001EB604E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2924221849.000001BB430F2000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000006.00000003.1873158778.000001DA0DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2924748687.000001EB604E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2924221849.000001BB430F2000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000006.00000003.1806175142.000001DA15D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000006.00000003.1806175142.000001DA15D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
Source: firefox.exe, 00000006.00000003.1806175142.000001DA15D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json0.7.drString found in binary or memory: https://docs.google.com/
Source: firefox.exe, 00000006.00000003.2316693657.000001DA0F740000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2316650002.000001DA0F733000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2316602412.000001DA0F734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.mic
Source: firefox.exe, 00000006.00000003.2316602412.000001DA0F734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.microsoft.c
Source: manifest.json0.7.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.7.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000006.00000003.1724369199.000001DA12141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378515798.000001DA130FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082000566.000001DA130FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1725701138.000001DA1216C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723167410.000001DA11F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723462791.000001DA12117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1870340104.000001DA130EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1724920389.000001DA12157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723762649.000001DA1212C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1725957592.000001DA12181000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1825212528.000001DA130EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000006.00000003.2094172474.000001DA10634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1728178908.000001DA10633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2089214160.000001DA10633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082367151.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2044273687.000001DA0FFC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835190885.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1732187105.000001DA10633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813166802.000001DA10639000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000006.00000003.2044326874.000001DA0FFB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082367151.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835190885.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000006.00000003.2044326874.000001DA0FFB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082367151.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835190885.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.7.dr, 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.7.dr, 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.7.dr, 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.7.dr, 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.7.dr, 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: firefox.exe, 00000006.00000003.2044326874.000001DA0FFB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082367151.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835190885.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000006.00000003.1871155996.000001DA0FF8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000006.00000003.2087554255.000001DA0F6B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2086384955.000001DA11EC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000006.00000003.2091081296.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378977700.000001DA0F687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000006.00000003.2091081296.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378977700.000001DA0F687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000006.00000003.2091081296.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378977700.000001DA0F687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000006.00000003.2091081296.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378977700.000001DA0F687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000006.00000003.2086384955.000001DA11EB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000006.00000003.2091081296.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378977700.000001DA0F687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000006.00000003.2087465231.000001DA0FF43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378870092.000001DA0FFE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000006.00000003.1723762649.000001DA1212C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000006.00000003.2378977700.000001DA0F6D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2090790885.000001DA0F6D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087554255.000001DA0F6D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000006.00000003.1811539590.000001DA13118000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1829776393.000001DA13118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000006.00000003.1811539590.000001DA13118000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1829776393.000001DA13118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000006.00000003.2044902615.000001DA0F687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378977700.000001DA0F687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871781889.000001DA0F68E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835605989.000001DA0F68E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000006.00000003.2089873601.000001DA13AB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1824719627.000001DA13AB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000006.00000003.2089873601.000001DA13AB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1824719627.000001DA13AB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2089873601.000001DA13A29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2089873601.000001DA13A15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1824719627.000001DA13A29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2357597924.000001DA13A29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000006.00000003.2077227159.000001DA0FFE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835190885.000001DA0FFE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2044137244.000001DA0FFE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1870729671.000001DA0FFE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378870092.000001DA0FFE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000006.00000003.2086384955.000001DA11EDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082569442.000001DA0FF42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087465231.000001DA0FF43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000006.00000003.2378870092.000001DA0FFFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2044137244.000001DA0FFFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077227159.000001DA0FFFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835190885.000001DA0FFFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1870729671.000001DA0FFFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000006.00000003.2044902615.000001DA0F67D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836130735.000001DA0F680000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378977700.000001DA0F67D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://web.telegram.org/
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000006.00000003.1873158778.000001DA0DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2924748687.000001EB604E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2924221849.000001BB430F2000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000006.00000003.1724369199.000001DA12141000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1833573754.000001DA12C98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1725701138.000001DA1216C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723167410.000001DA11F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723462791.000001DA12117000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1870456303.000001DA12C98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1724920389.000001DA12157000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2378654988.000001DA12C98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1723762649.000001DA1212C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1725957592.000001DA12181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
Source: 06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drString found in binary or memory: https://www.deezer.com/
Source: firefox.exe, 00000006.00000003.2092921051.000001DA13400000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000006.00000003.1873158778.000001DA0DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2924748687.000001EB604E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2924221849.000001BB430F2000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49794 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003EEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_003EEAFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003EED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_003EED6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_003DAA57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00409576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00409576

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.memstr_ff34055a-d
Source: file.exe, 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_7d736ecb-c
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.memstr_1f57cae9-0
Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_47fccd91-1
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_000001BB436F2377 NtQuerySystemInformation,16_2_000001BB436F2377
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_000001BB437199F2 NtQuerySystemInformation,16_2_000001BB437199F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_003DD5EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_003D1201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_003DE8F6
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0038F9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00390A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00379CB3 appears 31 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal68.evad.winEXE@72/340@32/20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E37B5 GetLastError,FormatMessageW,0_2_003E37B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003D10BF AdjustTokenPrivileges,CloseHandle,0_2_003D10BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003D16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_003D16C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_003E51CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_003DD4DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_003E648E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003742A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_003742A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66DA3D15-1750.pma
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Login Data.7.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe ReversingLabs: Detection: 26%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1992,i,12574565550007719994,15380727788805795962,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2460 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2340 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1277e188-7dee-4079-b382-4169d11bcab3} 7308 "\\.\pipe\gecko-crash-server-pipe.7308" 1da02870510 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6428 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6656 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6932 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3916 -parentBuildID 20230927232528 -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e839537a-5e7e-4d2d-9112-3fc62bbeb606} 7308 "\\.\pipe\gecko-crash-server-pipe.7308" 1da02843a10 rdd
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2036,i,17134127534699743552,13203090147020171696,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1996,i,5599362805012294974,11427720567035323471,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7208 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1992,i,12574565550007719994,15380727788805795962,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2340 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1277e188-7dee-4079-b382-4169d11bcab3} 7308 "\\.\pipe\gecko-crash-server-pipe.7308" 1da02870510 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3916 -parentBuildID 20230927232528 -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e839537a-5e7e-4d2d-9112-3fc62bbeb606} 7308 "\\.\pipe\gecko-crash-server-pipe.7308" 1da02843a10 rddJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2460 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6428 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6656 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6932 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7208 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2036,i,17134127534699743552,13203090147020171696,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1996,i,5599362805012294974,11427720567035323471,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000006.00000003.2092921051.000001DA13400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082000566.000001DA130C8000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000006.00000003.2092921051.000001DA13400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082000566.000001DA130C8000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003742DE
Source: gmpopenh264.dll.tmp.6.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00390A76 push ecx; ret 0_2_00390A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0038F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0038F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00401C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-95927)
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001BB436F2377 rdtsc 16_2_000001BB436F2377
Source: C:\Users\user\Desktop\file.exe API coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_003DDBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003E68EE FindFirstFileW,FindClose,0_2_003E68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_003E698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003DD076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003DD3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003E9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003E979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_003E9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_003E5C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003742DE
Source: firefox.exe, 00000009.00000002.2927580034.000001EB60A40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln]
Source: firefox.exe, 00000009.00000002.2927580034.000001EB60A40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllvXr
Source: firefox.exe, 00000009.00000002.2923563908.000001EB6009A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2926340520.000001BB435A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2923810898.000001BB42ECA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000009.00000002.2927049160.000001EB60619000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000009.00000002.2927580034.000001EB60A40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllsVv
Source: firefox.exe, 00000009.00000002.2927580034.000001EB60A40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp[w
Source: firefox.exe, 00000009.00000002.2927580034.000001EB60A40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2926340520.000001BB435A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001BB436F2377 rdtsc 16_2_000001BB436F2377
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003EEAA2 BlockInput,0_2_003EEAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003A2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003742DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00394CE8 mov eax, dword ptr fs:[00000030h]0_2_00394CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_003D0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003A2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0039083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003909D5 SetUnhandledExceptionFilter,0_2_003909D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00390C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00390C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_003D1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_003B2BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DB226 SendInput,keybd_event,0_2_003DB226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_003F22DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_003D0B62
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003D1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_003D1663
Source: file.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe | Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00390698 cpuid 0_2_00390698
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003E8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_003E8195
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003CD27A GetUserNameW,0_2_003CD27A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003ABB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_003ABB6F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003742DE
Source: file.exe | Binary or memory string: WIN_81
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003F1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_003F1204
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003F1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_003F1806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
[Behavior graph: ID 1505326, Sample: file.exe, Start date: 06/09/2024, Architecture: WINDOWS, Score: 68]

Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs | |
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://web.telegram.org/06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://api.accounts.firefox.com/v1firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-2.corp.google.com/manifest.json0.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://fpn.firefox.comfirefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 00000006.00000003.1873158778.000001DA0DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2924748687.000001EB604E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2924221849.000001BB430F2000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-1.corp.google.com/manifest.json0.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://excel.new?from=EdgeM365Shoreline06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.youtube.com/firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-5.corp.google.com/manifest.json0.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.carterandcone.comlfirefox.exe, 00000006.00000003.2389694596.000001DA13E78000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000006.00000003.1835605989.000001DA0F68E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://127.0.0.1:firefox.exe, 00000006.00000003.2378832428.000001DA11E85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1834983416.000001DA11E7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2137017839.000001DA11E85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1870652832.000001DA11E7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2043997156.000001DA11E85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bugzilla.mofirefox.exe, 00000006.00000003.1811105838.000001DA132DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871952192.000001DA0F63E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://mitmdetection.services.mozilla.com/firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://amazon.comfirefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000006.00000003.2089873601.000001DA13AB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1824719627.000001DA13AB3000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.sandoll.co.krimfirefox.exe, 00000006.00000003.2319115209.000001DA0F732000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chromewebstore.google.com/manifest.json.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-preprod.corp.google.com/manifest.json0.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chrome.google.com/webstore/manifest.json.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000006.00000003.1806175142.000001DA15D51000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://spocs.getpocket.com/firefox.exe, 00000006.00000003.2044981800.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2091081296.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1836186530.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2077514398.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087851403.000001DA0F666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1871822303.000001DA0F666000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bard.google.com/06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.monotype.Fcfirefox.exe, 00000006.00000003.2323028727.000001DA0F731000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.office.com06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/0/06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000006.00000003.2378977700.000001DA0F6D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2090790885.000001DA0F6D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2087554255.000001DA0F6D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.com3cbf1481-57c8-4850-9848-72ef0a7a7d24.tmp.8.dr, f106487f-daab-4e33-a6ff-a9523285b476.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000006.00000003.2044326874.000001DA0FFB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082367151.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835190885.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.tsn.cafirefox.exe, 00000006.00000003.2302021061.000017599DC80000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://tidal.com/06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://monitor.firefox.com/aboutfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://mozilla.org/MPL/2.0/.firefox.exe, 00000006.00000003.1768052194.000001DA15CA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1823823560.000001DA15CAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1773274216.000001DA14FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1806413498.000001DA152EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1808618332.000001DA14FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2083558044.000001DA14FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1808618332.000001DA14FE9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://account.bellmedia.cfirefox.exe, 00000006.00000003.1868959366.000001DA15295000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://gaana.com/06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://login.microsoftonline.comfirefox.exe, 00000006.00000003.1868959366.000001DA15295000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://coverage.mozilla.orgfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000006.00000003.2092921051.000001DA13400000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://outlook.live.com/mail/compose?isExtension=true06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://blocked.cdn.mozilla.net/firefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://exslt.org/dates-and-times$firefox.exe, 00000006.00000003.2380313144.000001DA0DE71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1873158778.000001DA0DE81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2137105971.000001DA0DE71000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.sandoll.co.krfirefox.exe, 00000006.00000003.2319115209.000001DA0F732000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://profiler.firefox.comfirefox.exe, 00000009.00000002.2924225173.000001EB60120000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2926547701.000001BB436A0000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000006.00000003.2094172474.000001DA10634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1728178908.000001DA10633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2089214160.000001DA10633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2082367151.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2044273687.000001DA0FFC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1835190885.000001DA0FFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1732187105.000001DA10633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1813166802.000001DA10639000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://latest.web.skype.com/?browsername=edge_canary_shoreline06dbb549-3701-47a7-8000-b98ab11bd799.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  Joe Sandbox version:40.0.0 Tourmaline
                                  Analysis ID:1505326
                                  Start date and time:2024-09-06 01:21:08 +02:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 6m 50s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of new started processes analysed:26
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:file.exe
                                  Detection:MAL
                                  Classification:mal68.evad.winEXE@72/340@32/20
                                  EGA Information:
                                  • Successful, ratio: 66.7%
                                  HCA Information:
                                  • Successful, ratio: 96%
                                  • Number of executed functions: 36
                                  • Number of non-executed functions: 315
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted)
                                  • Excluded domains from analysis (whitelisted)
                                  • Not all processes were analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtCreateFile calls found.
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: file.exe
                                  Time      Type       Description
                                  00:22:08  Autostart  Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                  00:22:16  Autostart  Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):6439
                                                                                              Entropy (8bit):5.142116663104962
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:ojMiZVOcbhbVbTbfbRbObtbyEzn/nSrDtTJdB:oYHcNhnzFSJ5nSrDhJdB
                                                                                              MD5:FB0E51E458C1B73107249944ADE4EE4A
                                                                                              SHA1:406CB2665A47D465B4DE118EBC65308017719706
                                                                                              SHA-256:5D89EDCFB20CC594B949925B56D2D4F5B63BC65228BE06961A85ECCE9AC33E72
                                                                                              SHA-512:50E32E52B86E910C7B811EF5CAB177EE71A67EBB6CE8FB34ED7B0AB98A633E68CF2B318C89891FA3B7F1EC4B2B5C6928A23C61EF624D23D2689A8916733AF871
                                                                                              Malicious:false
                                                                                              Preview:{"type":"uninstall","id":"80b92ddf-4b6e-46a4-b691-a77141f0b299","creationDate":"2024-09-06T01:04:15.779Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):25053
                                                                                              Entropy (8bit):6.030903238647797
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:BMGQ7FCYXGIgtDAWtJ4E1o+/qAfTEK266S3xXNd:BMGQ5XMB313zoMXNd
                                                                                              MD5:16C767B09C0433AEFCE1BDBA03356E0F
                                                                                              SHA1:AA2776786CB74E62C884D1E81B105256810422C9
                                                                                              SHA-256:E72099F4A348F1EFDB8245494DE84E4A104133106FD6F741A71B4382FD11D438
                                                                                              SHA-512:AF5E000435B0010C778D51AE7AE7F0C69C3386862EA6EAAC419FB1B3CFF4654D97FF0D4BA0FD4945F5E67BAF64BA24519F4E92E7F8812B56F03D148CD932CB98
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370052120098523","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):22925
                                                                                              Entropy (8bit):6.046282406199267
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:rtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhi+kVeHK266SDTx5JkjrKyqOI:BMGQ7FCYXGIgtDAWtJ4n1o+/HK266S3V
                                                                                              MD5:060F3DDE16CEA1396E609A734A9115F7
                                                                                              SHA1:E00E6720E86178ED08E81EFCC9B845E6BDA97572
                                                                                              SHA-256:B15A29F5F024DE248F600CEC91B3360F1F35B39433C2C09D618CF2C4BE6E5934
                                                                                              SHA-512:70662A353B9EEB5CE1A7D8443EFBAE201E5C685F5CA764347456AF290C464DB27E001CC39D4079CFFF6B5C9A6231DF11413D86BD3C888CBC5CAFD804D0B729A4
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370052120098523","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):23967
                                                                                              Entropy (8bit):6.049743212767669
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:rtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhi+kVeOcEg61QSDTx5JkjrKyqOx:BMGQ7FCYXGIgtDAWtJ4n1o+/Org61QSG
                                                                                              MD5:69D2792E3ED1E99D9051E7F07AFCD086
                                                                                              SHA1:86C64EDE8D998B0D15D22B1E97D4E77769357B76
                                                                                              SHA-256:7D419394219E409BB7048E271BA8437CB5B26E8E5A5B46F610BD6FE15C8E9EDF
                                                                                              SHA-512:E90D31A8220A993BA1B1E0C65A602BBE1A84DB8AADD0F4D8A7B08538D48EDC3507D9F89A71F83D8538C1441AE62D37299864C09C4E7AFFA307D732CE4B7E7BE8
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370052120098523","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):6820
                                                                                              Entropy (8bit):5.792997794200854
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:iaqkHfbmkR5ih/cI9URLl8RotoAMFVvlwhXMe4IbONIeTC6XQS0qGqk+Z4uj+rj1:akTmk+eiRUThs6qRAq1k8SPxVLZ7VTiq
                                                                                              MD5:CE26B049051DFAF0858E25297AA8D558
                                                                                              SHA1:11679E2693A10DBAFB60EC7B3EA339A94C1DCBF9
                                                                                              SHA-256:AF1F05E00F7847879C7BC15779A8108737EA5E2D70E3FD8A0BA5F79DC31EE01D
                                                                                              SHA-512:B390F7A53CA552D87586916D7D04A6B1F148BDB93F9FA6DDAAC94518D24C721E08DF847B3CF51C06002C69911CAB4C0012255BBAA47A6ECD926A57913D61E60B
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):8239
                                                                                              Entropy (8bit):5.791923292586107
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:fsNATmkReiRUGojKlk6/T6qRAq1k8SPxVLZ7VTiQ:fsNASkh1uK26b6q3QxVNZTiQ
                                                                                              MD5:4FC9AF9849225931772B4A692716CAF7
                                                                                              SHA1:332B52EF40414EA17B33BADAF3DDAC5B40345E96
                                                                                              SHA-256:FE3EE395AC554D41EE361B71938867948F6B521FBC1AD9EDBEBE88A7C4DF0BF3
                                                                                              SHA-512:54C4933B027D97BD78902FA63E252F181429D5239534C5883DD41B442E2853A6EFE6D9DC344E0BD65EBFE88FB7FC6608DAB8BE23BE62CBFE7639AF20AC832B64
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):25104
                                                                                              Entropy (8bit):6.030045748861611
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:BMGQ7FCYXGIgtDAWtJ4Eko+/qAfT7K266S3xXNd:BMGQ5XMB3k3ooMXNd
                                                                                              MD5:2A7252962C1912253BAA7F3E90FE2F77
                                                                                              SHA1:98EA193A10018A64B0CFAA665D5FD0FDC174AB57
                                                                                              SHA-256:233A29CB5A1160F9CD7168B7696E47F2B2E7FA26AE98DB54C7F4F172C1107D07
                                                                                              SHA-512:E094A92DB37C4738DD2903E1B4DB38A56A2B7614888908CDC35204C7C16123BCC481A3D22D080B29BC9C7508303C05345084A17C4DD365A4E73D150874E8435A
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370052120098523","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):23967
                                                                                              Entropy (8bit):6.049743212767669
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:rtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhi+kVeOcEg61QSDTx5JkjrKyqOx:BMGQ7FCYXGIgtDAWtJ4n1o+/Org61QSG
                                                                                              MD5:69D2792E3ED1E99D9051E7F07AFCD086
                                                                                              SHA1:86C64EDE8D998B0D15D22B1E97D4E77769357B76
                                                                                              SHA-256:7D419394219E409BB7048E271BA8437CB5B26E8E5A5B46F610BD6FE15C8E9EDF
                                                                                              SHA-512:E90D31A8220A993BA1B1E0C65A602BBE1A84DB8AADD0F4D8A7B08538D48EDC3507D9F89A71F83D8538C1441AE62D37299864C09C4E7AFFA307D732CE4B7E7BE8
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370052120098523","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):107893
                                                                                              Entropy (8bit):4.640149995732079
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                                              MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                                              SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                                              SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                                              SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3::
                                                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.039674275672891224
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:fG01utmqvDzKX73J8iD12absbZHtgbXoh8IYhHBNELi/cRQMcKhDXn8y08Tcm2Rl:e0EtulWCXhhxQrhDX08T2RGOD
                                                                                              MD5:8AA0F848440A9100CE6ED4CBD4B59ED9
                                                                                              SHA1:18F5DD982DFD072CD2A5FEA5B3EFB4644BB85EA3
                                                                                              SHA-256:709D9408F83973EAC91F0EE7C55E85D37C874730267EF5C24E33D147CB6A2AE3
                                                                                              SHA-512:780D957E7FBF677B4FEBD9F62FE6B4C81CA3E0612727753855F1C1DB7E8CCFA9D5CA821D015C74A60E497ED0CF9A06BAA8B9C12B3EB22D94FF6CD9C273038E3C
                                                                                              Malicious:false
                                                                                              Preview:...@..@...@.....C.].....@................a...P..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".jaiduh20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U.>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.4694614118702739
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:/owduDNsmZmlUaHBVlaYPqpxgOX8ih6aH8:kDZmlXVQRZ
                                                                                              MD5:C7735D91AE18C2195F69D5C839D75205
                                                                                              SHA1:895B87BEA3D8FCEB512ADCEEAF4872A19F4A6842
                                                                                              SHA-256:AF4D9712087037E757C1E662003E8439C3D831B392114BA150D1F143F4B49F23
                                                                                              SHA-512:7AE827DAD88C50546BC23EF11A9063B1E976DF93688F4D2CAA1FBF53E27F9FDEADB47659E9637FF05C2EDBAC77438D4F207AE1DF821C6839ED73647240B46ABF
                                                                                              Malicious:false
                                                                                              Preview:...@..@...@.....C.].....@................... ...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....i.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".jaiduh20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U?:K..>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggered....(..$...
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.04077121523358034
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:jG0EbtmqvDtKX79cJEa3XxxTxqZ/g+X8c970R6Eqh57NgmR21gQMHweDnan8y08s:C0EtZeK8YL+FhxfSgzweDa08T2RGOD
                                                                                              MD5:7847AC9B7674A782806457F6D4DAF27F
                                                                                              SHA1:D4DD5DAFC3F91BEBCFD978E396AFD7A72ADBAEFB
                                                                                              SHA-256:2A397BB895CC3C47D091074BABF1C36B9AC99A50052FE816CFF92078959754F8
                                                                                              SHA-512:010AA3C53B207CD91CE774756213ABF12B6F91241AFDE9E8A4789271C7FBF4A0C0B2B95A53CD0CB16E9015C3F78792589D7E69BA01784424E6C264740ED44A5F
                                                                                              Malicious:false
                                                                                              Preview:...@..@...@.....C.].....@................b...Q..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".jaiduh20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...............................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.04016669123870075
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:eQ0EbtmqvDHKX7YJX3Bhaq+9XmugI9DhgUNEORMU1gQseydKYmUn8y08Tcm2RGOD:h0EthQXKAh1Gkgfdb08T2RGOD
                                                                                              MD5:75078227A8984823172D75E70B75CC29
                                                                                              SHA1:058BE6B45F4AC07AD52B376C2BCB72035DEDCA3D
                                                                                              SHA-256:0A5D1AA5D71942C2D55D0E4C7195CA43FF0AF91F1904D6FBDB6AB93C8E8B3FAA
                                                                                              SHA-512:851B67F270180D0596E51E91504C9C5363AE9C29061291FD440732E5FF44A0476F2D67056530B0CF0A2980EA4203889A294EF5DCB1AE714D4A12B25E0946E2BA
                                                                                              Malicious:false
                                                                                              Preview:...@..@...@.....C.].....@................^...N..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".jaiduh20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...............................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):16384
                                                                                              Entropy (8bit):0.3553968406659012
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                                              MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                                              SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                                              SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                                              SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                                              Malicious:false
                                                                                              Preview:...@.@...@..............@...................................`... ...i.y.........CrashpadMetrics.....i.y..Yd.h.......A.......e............,.........W.......................W....................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A............................E.[4.f..................E.[4.f.................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.Errors............i.y..Yd.........A..................._..-`....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".........................................i.y..Yd.@.......C...........................VM....],................WM....],................Stability.BrowserExitCodes...... ...i.y......VM....],........H...i.y.1U!S............................................................ ...i.y...0...WM....],........................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):280
                                                                                              Entropy (8bit):3.060980776278344
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                                              MD5:74B32A83C9311607EB525C6E23854EE0
                                                                                              SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                                              SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                                              SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                                              Malicious:false
                                                                                              Preview:sdPC......................5.y&.K.?....................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):115717
                                                                                              Entropy (8bit):5.183660917461099
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                              Malicious:false
                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13652
                                                                                              Entropy (8bit):5.240709594489299
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVsLJ9pQTryZiuaba4uy9J0dmMVb8Yp358Opj+F34QAvqVa1f:sVsLLAJuiJ0d3bVpUIQ8qO
                                                                                              MD5:098E32B0FB92105CA3617CEFFCB740D3
                                                                                              SHA1:2E79EB7B7BDAFCE737D7D20BC115DF9080A967F0
                                                                                              SHA-256:406F66554AE716620B278411070B86A29B6DB7DF32EEF9975D986915A3917999
                                                                                              SHA-512:8F752581E50EACBB610B7D3B1114B5D334EF1D22983993DA461E99F690C042D6F52886540362A23E4B4E68FA145B3E776ED4D684D8D38249991F503C87FCE207
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370052119937760","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):36339
                                                                                              Entropy (8bit):5.565896268384059
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:N+EJMcWP+Uf5+8F1+UoAYDCx9Tuqh0VfUC9xbog/OVpa4/o22rw59+DdKp5tu/:N+EJMcWP+Uf5+u1jaAa4A2T59c8tw
                                                                                              MD5:2C404E69C52AA4EE14DAA976D247D8EA
                                                                                              SHA1:9B07D217DAC717F9CC69E88240FAD9866AD43DF4
                                                                                              SHA-256:CFD7087C41D2299536120DB480521730AB9DE2D3A1653301E3F8D6422AB51104
                                                                                              SHA-512:07438CA282FF94125C0D22FFCB6E53A6E0459E3766744BEB8AA4F7BB538EE74A938616973BF6B2AF4FE595946BF5D29D4C7EA01E90F3EB3DAADE1CDD5D1C1B72
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370052118397024","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370052118397024","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13690
                                                                                              Entropy (8bit):5.240164562883747
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVsLJ9pQTryZiuaba4uy9J0dmMVb8Yp358Opj+F34QAtqVa1f:sVsLLAJuiJ0d3bVpUIQGqO
                                                                                              MD5:FA585345F77FE49CD30E6A6AF54F9BDF
                                                                                              SHA1:6370F6B9A65762889FE464DF439E74BDA43D7E9E
                                                                                              SHA-256:65D16F74B413AEC49EA5DCCF00C402772DE0CEABFE127312C4537794B6AF0DE4
                                                                                              SHA-512:04108433173BDAE5B0A1A3939009949E1B903C545CE52B4652C79792FAC9BAC47EF8586911F37796BA9689ECFB5132DA1B9A6BAE9FC48B63343A5664E00A8168
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370052119937760","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):1695826
                                                                                              Entropy (8bit):5.041119261105696
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:FPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:FPfZ/mS5
                                                                                              MD5:CCDE4DCB4DB77DF644C92A28F20514B2
                                                                                              SHA1:79DBFEB1EEF8FCCFB4E3D7F5FBAC8A36C3C559CF
                                                                                              SHA-256:B1C99331ABA4A969E7FE0AA655D83AB666B141FEFA6B5FB1262922405336AD17
                                                                                              SHA-512:CC2732875207FEB623995D2731462610FA0141318BCED2F1A533B67E4D2FD1D537657869BA8EBEFBAD0FC3309726FE66116B11A57F7F057FBB6EAE58F21DC68D
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.126.F.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13370052124753193.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}].!.N.................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13370052124753937.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):293
                                                                                              Entropy (8bit):5.121958016206852
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:Phd2q1wkn23oH+Tcwt9Eh1ZB2KLllhUUKq2Pwkn23oH+Tcwt9Eh1tIFUv:P721fYeb9Eh1ZFLnLKvYfYeb9Eh16FUv
                                                                                              MD5:98BA0BBE8B1D57EE6B0429F45EE0B985
                                                                                              SHA1:E4EA8428998DDF6BB64259FCA608D74BFF30D258
                                                                                              SHA-256:30F77F2658422C84E3900550F45762DFA2BBB618CF18C003D9F5FB57DA296B44
                                                                                              SHA-512:59F621677AB00BA497452F97658E7DD43CCE41C0D52D751DAD0B78F1A597008952FBC61989BEB2354B899AE28C0DC44FF5FA671F04BFEF56A2127425EF804B35
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:03.687 21d0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/05-19:22:03.753 21d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):12288
                                                                                              Entropy (8bit):0.3202460253800455
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                              MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                              SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                              SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                              SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3...
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):0.46547888278824984
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfB:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                              MD5:3D5FA7B199D49A33366C29A7442D90CD
                                                                                              SHA1:92C133529FCD21359F42606961843412AFE4E955
                                                                                              SHA-256:DE2D5927F60872CB73FE14077D6E919178946983F63E1361984F7A86A17A89C3
                                                                                              SHA-512:35CC1CDEB78DA46C546AB8791A2E30713496AE5A7F7EC78A39AB8817D6EAFCD73E09424A3297A246738BF4761C9DA07E5EE799195CEF510B551B7B800F2E7187
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3...
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNlWB/:Ls3I
                                                                                              MD5:B8C9BFF8411A1CFE1B14E0FC8F9AD6FC
                                                                                              SHA1:9F4E23E8E6B9B1F18245420EB703C64C962588F9
                                                                                              SHA-256:DB88033828D0CEE798D7A6698804B9E80D10E2C99F65426613C334B02509D305
                                                                                              SHA-512:83AE9B801668024B2934BC63B2425CC51EE06A80236F2DF19785826A8C5990A04355FAD5BE3F52913019BE192EE72246E2A550030C4D2CEE47DFBB070D91A1E2
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):33
                                                                                              Entropy (8bit):3.5394429593752084
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):305
                                                                                              Entropy (8bit):5.20679279631762
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7RN1wkn23oH+TcwtnG2tbB2KLll7Hqyq2Pwkn23oH+TcwtnG2tMsIFUv:PFQfYebn9VFLnLvvYfYebn9GFUv
                                                                                              MD5:16E61915740888A295DF0F78EFC1B0BA
                                                                                              SHA1:F9490153F9B75867D42497BDB1393FC264138CD8
                                                                                              SHA-256:891384E5B49F12CBE8C5E1458C480E1D4C1BAA6795B489861F511A652756F4C0
                                                                                              SHA-512:720C820027B8B2C79413053BAA0259146BFEE69432F167716DC0A8DB327B53D30331DE079B647AA7C8225FD92890CFDCBFE9B2F19C5C3814D32A4F35A515805E
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:58.652 1dc0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/05-19:21:58.666 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.494709561094235
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                              MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                              SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                              SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                              SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ...
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.6136824874354756
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLqpR+DDNzWjJ0npnyXKUO8+j8cMWp+TcMXmL:Te8D4jJ/6Up+XMhgMs
                                                                                              MD5:A1315F05B4024AFE7818E7AA4E673549
                                                                                              SHA1:ADBF119EA703A1BA1605DBA923C9889E7A1F7165
                                                                                              SHA-256:5A8F384FB94328BBD77F79B2A85227814CFE58EB872548A6A160CB523D0324BD
                                                                                              SHA-512:9348CA7D38580CC0FD4C3144BD6D0D75DF081EA928EACB584DCA6ED84C35537E8558BC4400E82C208A3166340651877BA56118A294C8477F92EA535836886407
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ...
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):375520
                                                                                              Entropy (8bit):5.354051487220124
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:RA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:RFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                              MD5:0583CCE520D5B01005028A555B5FD90C
                                                                                              SHA1:EABB94A2FE49CC69F902C7FB6A48F9EE12BF479E
                                                                                              SHA-256:5CF2C49BE47C0F39CFFA08B8DC3AD07CEE395ED925B4B114AED3E191F0FAE53E
                                                                                              SHA-512:70D95B226F3D1C1169A8562C97E3CB86A9450E4A79425A505B0B4888AEAA984F846D5F77786F55636B2B1C78EFF950E90D3B8D168599C8EFF33B526C65463F9B
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1rBp.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370052124760733..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):309
                                                                                              Entropy (8bit):5.169213200409349
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:Ph3c1wkn23oH+Tcwtk2WwnvB2KLllh7N+q2Pwkn23oH+Tcwtk2WwnvIFUv:P5fYebkxwnvFLnn+vYfYebkxwnQFUv
                                                                                              MD5:C237A95F42DDA6C0984DCB33A691B1DB
                                                                                              SHA1:CE3AC5022F3C79129649EA8AA24F870F3F3EDEB7
                                                                                              SHA-256:012F48E3A3F4CBA6B17652FECB2720B46D087313DA73D4B35D28F2DFED9E6BA8
                                                                                              SHA-512:04FE0B0FD1655D700C8705FBA70EEFB6224D81B17460DE9CC041ACA7B2D83189CF08903BCB7E29E3CAD08822CDCCFBDB21CA9DABD39ECAAECAACEBE3A71395EE
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:03.701 22bc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/05-19:22:03.755 22bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):358860
                                                                                              Entropy (8bit):5.324622888435785
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R3:C1gAg1zfvf
                                                                                              MD5:0A0440C87A02B0FF6327CF5619A5DD2A
                                                                                              SHA1:184106F6C3C098E4823796474600274DE3EE27E4
                                                                                              SHA-256:FCBF09C4D63AC8045F02DA0F300CE440562FF03D33DFD5A2E2B64A76747F95BA
                                                                                              SHA-512:F64E2FDCFF01154C24B7A9A49E1D091B4037D82EE6DDDB16C76C112F0045E8271FC4F2BFA50E255735A20E5C143E3E58BE8E11BEB01B042D3D94B9529C97DAF1
                                                                                              Malicious:false
                                                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):209
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                              MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                              SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                              SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                              SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                              Malicious:false
                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):281
                                                                                              Entropy (8bit):5.1945672776731096
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7Pg1wkn23oH+Tcwt8aVdg2KLll73jyq2Pwkn23oH+Tcwt8aPrqIFUv:PrfYeb0LnrOvYfYebL3FUv
                                                                                              MD5:B917E3397A31C317D9A55BEF826AC286
                                                                                              SHA1:C6D4C623733ADBC082ECAF34B20C5DC738554E4F
                                                                                              SHA-256:B9D0A0E6346A46181D51D839AA71E3E5D321796A83B4BE387C7E295634F3CF95
                                                                                              SHA-512:AE0C6E829FBD98B3528166F31AF0FD452EF67944B6D043D1EE02E583E926F0731B3DFABB1762AF3A7507AB5B57FB09495DD3EA3C52A24D4A9A1A7697E99FF909
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:58.668 1dc0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/05-19:21:58.799 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):209
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                              MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                              SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                              SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                              SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):285
                                                                                              Entropy (8bit):5.181321231187337
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7VCP1wkn23oH+Tcwt86FB2KLll7eqyq2Pwkn23oH+Tcwt865IFUv:PJPfYeb/FFLnGvYfYeb/WFUv
                                                                                              MD5:27E8C7C9CED42C2481223F50603384A5
                                                                                              SHA1:754A8E8C486599B6E17D3150A1C0E143C41D6CD9
                                                                                              SHA-256:B9D9926458ACE00D43CE5C5A0D3FEE82CE19735B233F481FA3739E301C7E820F
                                                                                              SHA-512:C127CFC2A935A6E977B5C6805BB44A7FE80B1233C2FCD43B641B5EBBC9F01B3265B9E09A8597049BBF6F6F2F1844765DA6C509A6AAF2BDD69CB7C3A089934D85
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:58.833 1dc0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/05-19:21:58.997 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):1197
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                              MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                                              SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                                              SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                                              SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):322
                                                                                              Entropy (8bit):5.18682265810393
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PdRI3+q2Pwkn23oH+Tcwt8NIFUt82djfZmw+2djfVkwOwkn23oH+Tcwt8+eLJ:PdnvYfYebpFUt82db/+2dx5JfYebqJ
                                                                                              MD5:6C0795AD4ED492217C270AE74D11832D
                                                                                              SHA1:6CFFEEE3A4BA177F6BE9240C2B25D1AE9D152068
                                                                                              SHA-256:EC3BF2F15E3279675B18879A08FA7EE4347F0C8009AFC43C100B29EE0938A78B
                                                                                              SHA-512:88C59F32C99DDC529D37F7E0838E168BDAF4ED6F1AF58131F648BE874BD71677605C8F2B4742E4912647009420A79608328901478AB2B365D55AEDD3A19E5D6D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:00.163 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-19:22:00.164 1d58 Recovering log #3.2024/09/05-19:22:00.164 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):322
                                                                                              Entropy (8bit):5.18682265810393
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PdRI3+q2Pwkn23oH+Tcwt8NIFUt82djfZmw+2djfVkwOwkn23oH+Tcwt8+eLJ:PdnvYfYebpFUt82db/+2dx5JfYebqJ
                                                                                              MD5:6C0795AD4ED492217C270AE74D11832D
                                                                                              SHA1:6CFFEEE3A4BA177F6BE9240C2B25D1AE9D152068
                                                                                              SHA-256:EC3BF2F15E3279675B18879A08FA7EE4347F0C8009AFC43C100B29EE0938A78B
                                                                                              SHA-512:88C59F32C99DDC529D37F7E0838E168BDAF4ED6F1AF58131F648BE874BD71677605C8F2B4742E4912647009420A79608328901478AB2B365D55AEDD3A19E5D6D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:00.163 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-19:22:00.164 1d58 Recovering log #3.2024/09/05-19:22:00.164 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):4096
                                                                                              Entropy (8bit):0.3169096321222068
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                              MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                              SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                              SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                              SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.40981274649195937
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                              MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                              SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                              SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                              SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):429
                                                                                              Entropy (8bit):5.809210454117189
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                              Malicious:false
                                                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):2.443834527117451
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:0BCyvkdUL3jelS9nsH4/AztccuuoKwxdU82:mNvkdu3LsHXzCcPo1xdR2
                                                                                              MD5:84DC7712A87B5C0F5F9BBBDF4792B445
                                                                                              SHA1:FF96EC3A4BE02B45318A5656BD25934A0D64271C
                                                                                              SHA-256:51660FC45F9DDD8671BA75735EDD558E2C0324B489F16213C831A3E6B31197C2
                                                                                              SHA-512:5E7000A67C47D23F5F4FE653995E297FA9037F7FD1340260EC8177270A74523A0D359609C4E5C279D9FC96E2D83A1D443FCD7517E95B514A1D800EB12E26B6D3
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):159744
                                                                                              Entropy (8bit):0.6462165387574884
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:HdUOaYNU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNCxdUb:HdZan+GPXBBE3upb0HtTTDxVjUd2
                                                                                              MD5:0ED49B6D0D22C48A8948223E51200E75
                                                                                              SHA1:C0C2280CB2ECEA56AC8BC21691CA59C1565EEABC
                                                                                              SHA-256:A64475D6E1769556EC2396CED99E5D439306CB4C2F6A08F2D3A8251BEF5C7EB1
                                                                                              SHA-512:8D2A85FC8427EA52DE54A8D3D06955F2FCEFBC9BC9C515948A902E6F1C40C0DD4713A70C64F736F1E0D7D3AD2AFC24B4C85536AA7AAFA3AC4EF370DDCEBD50FE
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8720
                                                                                              Entropy (8bit):0.32687995594775426
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:EA/J3+t76Y4QZZofU99pO0BYfM/aqR4EZY4QZvG9F:VhHQws9Ld0M/hBQZG9F
                                                                                              MD5:6DC3365DC7EC04FC29AD5DBB96E71CE0
                                                                                              SHA1:E2E32EF93935DDDDFF8086945E1C8FC1485F89DF
                                                                                              SHA-256:CE089A3AA143BF00979B4BE805D093143F74DF5A23A68068CFE29C60601AFD65
                                                                                              SHA-512:6DFC1AE4405B3C21C1F3E626D23C4CFC780AF6D20363912D8B315400D87BA0F6279317411A222967BF5EA96E19FAEA94C476F40E264CF65A6909F6990AFA477A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):115717
                                                                                              Entropy (8bit):5.183660917461099
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                              Malicious:false
                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                              Category:dropped
                                                                                              Size (bytes):45056
                                                                                              Entropy (8bit):3.5489775657901883
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:zj9P0U4P/Kbtb773pLvc0QkQerxhkCgam6IWRKToaAu:zdH4P/K7S0e2x+FmRKcC
                                                                                              MD5:56A6FE5C53518E433595B6C42A814CA5
                                                                                              SHA1:354A584ABE054C43D9DE75D0DAFD4C65220C2496
                                                                                              SHA-256:B09ECC57E8510DAA50F1F815AA6BAA266AE8FBD7D6E7079B31F026199B8D81DF
                                                                                              SHA-512:FA426B5907E46A994B772DBD38D37CBE8CBC308EC68396E1856CA9A627D8367A2B1A587D467BCBD227BE1B8FFC8CCA1839CB6F1F94A7156703F31D048C81692C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):406
                                                                                              Entropy (8bit):5.270354887322092
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PzvYfYeb8rcHEZrELFUt82Yk/+2YE5JfYeb8rcHEZrEZSJ:rYfYeb8nZrExg8/1uJfYeb8nZrEZe
                                                                                              MD5:636E7ED76E0AB64FB7E5F60E1414457B
                                                                                              SHA1:3729E7BA30921CB4771AB317365115E01AE8CBEB
                                                                                              SHA-256:DEEEB04720E84446DD432AA3B95DF2E5CF302ED7072CB5B15FBA9E4E69FB7010
                                                                                              SHA-512:F71C1865B46EF5C4E8F92A06ED47288479F33A4C0642F0D2EDCFF0047C9BCA53554AD43CCE6C6DB176936AF23E18317CDE142DAAD20CD37A24B2035704B2DA0D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:00.833 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-19:22:00.834 1d58 Recovering log #3.2024/09/05-19:22:00.834 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):406
                                                                                              Entropy (8bit):5.270354887322092
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PzvYfYeb8rcHEZrELFUt82Yk/+2YE5JfYeb8rcHEZrEZSJ:rYfYeb8nZrExg8/1uJfYeb8nZrEZe
                                                                                              MD5:636E7ED76E0AB64FB7E5F60E1414457B
                                                                                              SHA1:3729E7BA30921CB4771AB317365115E01AE8CBEB
                                                                                              SHA-256:DEEEB04720E84446DD432AA3B95DF2E5CF302ED7072CB5B15FBA9E4E69FB7010
                                                                                              SHA-512:F71C1865B46EF5C4E8F92A06ED47288479F33A4C0642F0D2EDCFF0047C9BCA53554AD43CCE6C6DB176936AF23E18317CDE142DAAD20CD37A24B2035704B2DA0D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:00.833 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-19:22:00.834 1d58 Recovering log #3.2024/09/05-19:22:00.834 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):334
                                                                                              Entropy (8bit):5.216625895612936
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7RLRlq2Pwkn23oH+Tcwt8a2jMGIFUt827RLRd59Zmw+27RLTkwOwkn23oH+Tcw2:PRRlvYfYeb8EFUt82RRd59/+2RT5JfYL
                                                                                              MD5:929389BA4298EE7FE948B2A231CCE0D6
                                                                                              SHA1:5CB1EF72BF0FB122DCB13534F82A89BDD3342C34
                                                                                              SHA-256:5E42565EF1CDC2CE6741F8EEEEDFD491C1E364B5D2DA6F4AC732BAB40C1683DD
                                                                                              SHA-512:8848E79A2528CD171EC0057951B91B88DCA9E7675895C355E1097AF682AAE192E0B623878819AD11E3348C8A1F15B60FF001BA11F02BC5BC74F6894FE31C835D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:59.867 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-19:21:59.868 1ed4 Recovering log #3.2024/09/05-19:21:59.871 1ed4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):334
                                                                                              Entropy (8bit):5.216625895612936
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7RLRlq2Pwkn23oH+Tcwt8a2jMGIFUt827RLRd59Zmw+27RLTkwOwkn23oH+Tcw2:PRRlvYfYeb8EFUt82RRd59/+2RT5JfYL
                                                                                              MD5:929389BA4298EE7FE948B2A231CCE0D6
                                                                                              SHA1:5CB1EF72BF0FB122DCB13534F82A89BDD3342C34
                                                                                              SHA-256:5E42565EF1CDC2CE6741F8EEEEDFD491C1E364B5D2DA6F4AC732BAB40C1683DD
                                                                                              SHA-512:8848E79A2528CD171EC0057951B91B88DCA9E7675895C355E1097AF682AAE192E0B623878819AD11E3348C8A1F15B60FF001BA11F02BC5BC74F6894FE31C835D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:59.867 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-19:21:59.868 1ed4 Recovering log #3.2024/09/05-19:21:59.871 1ed4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):57344
                                                                                              Entropy (8bit):0.863060653641558
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                              MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                              SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                              SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                              SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):45056
                                                                                              Entropy (8bit):0.40293591932113104
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                              MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                              SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                              SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                              SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):355
                                                                                              Entropy (8bit):5.456387352635156
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcdIQd8Bv31dB8wXwlmUUAnIMp5HdqSQ:YWyX5Sg9vt+UAnIQcW3R7N+UAnI4dVQ
                                                                                              MD5:DFC2B2E0E6F2A98BC1EBEC7F5F644A29
                                                                                              SHA1:070AA339573BC6AFB13F4B5F363BE01048127A47
                                                                                              SHA-256:A05CBFA90317EEB80F2A6476E2B88290FCD32094FEF1CA35AACB63FB5DD82F55
                                                                                              SHA-512:63DBD8CCC48684273A899E52CADAC577C0F1A88CAC537B9103D1A62A42D88D36E15CDDBCD15A7B0C56F5304B76271922AE6889727FD5205405D8A4A69062FFC5
                                                                                              Malicious:false
                                                                                              Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757114530.002024,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725578530.002028}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2303
                                                                                              Entropy (8bit):5.264418461442135
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YXsvs8syfcds0gsYWrsGgns++HOsqYs4+HEes7WCpHZbg:3sugwW3a4sY41IZk
                                                                                              MD5:3FE33DD375FC16AF6D098D70E4CB8DF5
                                                                                              SHA1:2D679E0518DAC67BF6F7F0EF5E753B2F0FD4EBD9
                                                                                              SHA-256:D10CF002292456EEB5B003C6E9A691121D84C2CBF251F09DA9BDE9C88F925B87
                                                                                              SHA-512:0D0F255FFC6119416AB3491A8D6E09D1BE59A172868E82AC8ED724D5F27D525F9422DE68BE89B42A8F51F7498A23C52294A5BE137DE23A07546BF24FFD3CEC8C
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372644121871110","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372644123180184","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372644124843507","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372644129730283","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://www.google.com"},{"alternative_service":[{"adver
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):355
                                                                                              Entropy (8bit):5.474239035982751
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcdIQFofWlBv31dB8wXwlmUUAnIMp5sw:YWyX5Sg9vt+UAnIQcWeof8R7N+UAnIJQ
                                                                                              MD5:2AFBAF1F6CC7FA03A0FE6B4A025397E8
                                                                                              SHA1:A30D42AE54426EE72BC1FBA7D501BD0AE54776D1
                                                                                              SHA-256:9B8A1CBBCAA66998E962363B5B6875439F66C99ECF0A742690347C7A6D629A02
                                                                                              SHA-512:C9C085B16C149A77709F6F41276BD8AE478C531E8589E89D16CE2B8314CFAD0C7A66A6F441FCB34725EB608BC30FCB6FDC3E4E70609767670B4D841778BCECB8
                                                                                              Malicious:false
                                                                                              Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757114589.916603,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725578589.916612}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):1.0833772335089151
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:T2dKLopF+SawLUO1Xj8BmsbX8H6U2fURTH72NLVbVlOFyPr:ige+Aum2U5bgB9r
                                                                                              MD5:D2099D5D35060C1A951534F22D42D2D5
                                                                                              SHA1:6372BC2419C8CF6D29D10AA5FBBFDB97C5E5920B
                                                                                              SHA-256:E18C813B03F37CBBB59E8B74B4C82CA0B07CD730D70AF05062BACD5632C81BDB
                                                                                              SHA-512:55F5AA9EAC0AD061DDA8D56ACE41C479CCE4C13BFA66609177E75F9E0C5E6E70508961A79495BB23A865D378D60B08D733A60EB0BCA7F7DEC2A480BE32613D3B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):61
                                                                                              Entropy (8bit):3.926136109079379
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                              MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                              SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                              SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                              SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):1.3311188244976717
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:uIEumQv8m1ccnvS6YDo2dQF2YQ9UZRm1uRVkI:uIEumQv8m1ccnvS6l282rUZRmQd
                                                                                              MD5:A1D230E054381E03B5C76A02A5DEF895
                                                                                              SHA1:113583DF3737A8143038C34EACFD3AD988A62300
                                                                                              SHA-256:2632E27F3CB1C5A23A05BD4B42C09163B21384F7C687B0D7936DDF3C6DC54ACE
                                                                                              SHA-512:16A49F756811F479CCFC25CCC02E6484158D5CBF1B446672306FA94B0712C99332A2392E1B43470989EAAC6B407E32018BD2AFBB886C68408BDF4FEC7666A88A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):203
                                                                                              Entropy (8bit):5.4042796420747425
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                              MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                              SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                              SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                              SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                              Malicious:false
                                                                                              Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):0.36515621748816035
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):111
                                                                                              Entropy (8bit):4.718418993774295
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2303
                                                                                              Entropy (8bit):5.264486622779165
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YXsvs8syfcds0gsYWrsGgns++HOsqYs4+HEes7WCpHZbZ:3sugwW3a4sY41IZ1
                                                                                              MD5:29BCEC5ED031ED6C2A084890EA8FB2E1
                                                                                              SHA1:A1449710701B459F8C50687AB7B20DF5004E46A5
                                                                                              SHA-256:4D4E4B8F7C84A78E8B8C8329BA71CE3A89DE24231E20843E814CA57FDC68DC97
                                                                                              SHA-512:5585B1B97141DFCEB76E0FD1D99FECCFD18E6D272CC1959CC4F6F5FCFC9CADC98C7DAE7555F1EC327270A95A635C61E664055690E29A9087BE56835677694E1B
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372644121871110","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372644123180184","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372644124843507","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372644129730283","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://www.google.com"},{"alternative_service":[{"adver
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.5744102022039023
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                                                                              MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                                                                              SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                                                                              SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                                                                              SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12910
                                                                                              Entropy (8bit):5.167035957146644
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVsLJ9pQTryZigaba4uy9J0dAb8Yp358Opj+F34QAnqVa1f:sVsLLA3uiJ0dAbVpUIQ8qO
                                                                                              MD5:4D9D02B37B34B462B676363F04CA2771
                                                                                              SHA1:E3F60888D215EBCE293414815E10F61DA85FFE72
                                                                                              SHA-256:53162BDC7FC2C5618F1F3D1D9D71AD35358BF0F8BCFA1D4468A2B8CC70AB3460
                                                                                              SHA-512:9C554A71B9D7BB8D7731432C99D79266FD4505E8CDBDD2F217D627BD327F4477D06097AA213231C305E9BD077CD35146D90B6773C292E8BFF1CF13D4A280A531
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370052119937760","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):33
                                                                                              Entropy (8bit):4.051821770808046
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                              MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                              SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                              SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                              SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                              Malicious:false
                                                                                              Preview:{"preferred_apps":[],"version":1}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):36339
                                                                                              Entropy (8bit):5.565896268384059
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:N+EJMcWP+Uf5+8F1+UoAYDCx9Tuqh0VfUC9xbog/OVpa4/o22rw59+DdKp5tu/:N+EJMcWP+Uf5+u1jaAa4A2T59c8tw
                                                                                              MD5:2C404E69C52AA4EE14DAA976D247D8EA
                                                                                              SHA1:9B07D217DAC717F9CC69E88240FAD9866AD43DF4
                                                                                              SHA-256:CFD7087C41D2299536120DB480521730AB9DE2D3A1653301E3F8D6422AB51104
                                                                                              SHA-512:07438CA282FF94125C0D22FFCB6E53A6E0459E3766744BEB8AA4F7BB538EE74A938616973BF6B2AF4FE595946BF5D29D4C7EA01E90F3EB3DAADE1CDD5D1C1B72
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370052118397024","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370052118397024","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):364
                                                                                              Entropy (8bit):4.021167186783396
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:S85aEFljljljljljljlIflaDEhBnUDBYw+CA5EEE:S+a8ljljljljljljlIfULBX+CA
                                                                                              MD5:1DFEBD0727F385B0DD753F58218D714B
                                                                                              SHA1:8DFAEA71952E8201764AE28112AFB034EA4CF0CC
                                                                                              SHA-256:8945CA7797139A15D881C6352DDACE36D847E2F778A2DFD270E343B976D1E874
                                                                                              SHA-512:579D347D0515682F1CCCA441A0370D14271E98BB25C1ED2E641FBFA8C8D43EF47A83CD69A06B6382E6FCC7EDB4B066CB4F7F61336E094D3523CE275A8D139123
                                                                                              Malicious:false
                                                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f................-X}j................next-map-id.1.Knamespace-6c6bd8e3_488a_4b24_8e1f_2b43533bcb6b-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):322
                                                                                              Entropy (8bit):5.096067873715087
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PWq2Pwkn23oH+TcwtrQMxIFUt82ZZmw+21FkwOwkn23oH+TcwtrQMFLJ:PWvYfYebCFUt82Z/+2L5JfYebtJ
                                                                                              MD5:AF6E6834C376B57FA2DB454621BF5D9E
                                                                                              SHA1:1A7FA61E2E76855A6819519EC390A5A01C3D15D6
                                                                                              SHA-256:D33ABCBF5CA59590494F25AA74C11316F5667E6CCA29982BF13098D695E419CA
                                                                                              SHA-512:B70D49CB86F3328B6E878C3F0C6922F232CF5D2A4FBA8DB68D6A9B549B39381EFC40CE64F7C19A2983ECACA99C72EB3D84FF5459F07B037A9091D2CD209C6339
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:00.191 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-19:22:00.197 1ed4 Recovering log #3.2024/09/05-19:22:00.203 1ed4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):9691
                                                                                              Entropy (8bit):4.178544782085588
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:3kENd83P10VEda3P10qd6dp3P10qdgeuL3P10:810VX10510910
                                                                                              MD5:573806489D58AA01E1207B67EB99BC36
                                                                                              SHA1:B2125A1424898C0C864EDAB349FCA9A45904C889
                                                                                              SHA-256:3A9B8FEE08EEBD026025B652FF31AD92755CC80B905A1592D2E1FD72F340660E
                                                                                              SHA-512:E8F26A44B97B04788B0C569BFC5F653439EB8739B02307E1A990A08613AE57D38FC8AA2C92C5D47F9F03F9F90F4B99AD93188ACC72C2029FCE94F757EF03E6AA
                                                                                              Malicious:false
                                                                                              Preview:SNSS..........P..............P......"...P..............P..........P..........P..........P....!.....P..................................P...P1..,......P$...6c6bd8e3_488a_4b24_8e1f_2b43533bcb6b......P..........P..................P......P..........................P..........................P....................5..0......P&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}........P.............P..........................P..............P....>...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3qLLmCfSUsaj5PoNyANexJepkKc8VmvLRMmA8dLRwvnqUfotU9hFcLD_HyiYBZHPp5ZVZ9sFg&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1476552617%3A1725578523972120&ddm=0..............!.......................................................................................................N..g!..O..g!..P.......h...............`...........................................................>...h.t.t.p.s.:././.a.c.c.o.u.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.44194574462308833
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):350
                                                                                              Entropy (8bit):5.1378186665377825
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7Oyq2Pwkn23oH+Tcwt7Uh2ghZIFUt8271O81Zmw+271OqRkwOwkn23oH+Tcwt7w:PXvYfYebIhHh2FUt825O81/+25OO5Jf0
                                                                                              MD5:0C865FE7DC6A4CA55C09371808C7E609
                                                                                              SHA1:877CD1DF3DFBCCB54A6A92C15BF07DBF3CA5FFC3
                                                                                              SHA-256:BB21859B73B4E1D62CE3BABA33AA633A5A506CE6FBCCF7F263879D8380141556
                                                                                              SHA-512:525C2C0B241FAD3F9609323CDFA8C5044D733992E15F91B0E7F0E0EA96EAC8976B2E9655EA878C929C15DAA5C088A43A688A84D7AC43435D65D09632FB5DA51D
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:58.510 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-19:21:58.511 1dc0 Recovering log #3.2024/09/05-19:21:58.511 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):524656
                                                                                              Entropy (8bit):5.027445846313988E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsulJ3+:LsQ+
                                                                                              MD5:F2119DB6B800ED0D18A265490F29DA25
                                                                                              SHA1:98F17EE80CAE1737A7E01775CDAFF5AEE7163945
                                                                                              SHA-256:5A2DB624A5176EB9C69E3D9713B251F828DBB7B189E129D199B478F1011AA376
                                                                                              SHA-512:238EDCFED689D4EE23745CB4D20C6B807A1D52FCC535F16F880E047427BB8F1AEE532511C4FD43557C3839388796F954955D6F038E18E24CF671B1EE6A3D5A94
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNlf:Ls3
                                                                                              MD5:A95EAF9F13D1DE4DADAD42AF73F49E53
                                                                                              SHA1:6701EEC5E5847006EADE4A95041D4D61C02DD462
                                                                                              SHA-256:9B29F1B40C3F9A0045F0C769C83C49273572B20F80D50E4640C9622ED2AC5D06
                                                                                              SHA-512:9EB5594651F39B33E1A624944C69402D47D97588DB51344CEFD83E1EF34E782F5D4F5392DCB0F90C9363B7DB36D68F128B6C8956E23695D68D30FFB5C1440BD6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):432
                                                                                              Entropy (8bit):5.209562553119226
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PBvYfYebvqBQFUt82B/+2w5JfYebvqBvJ:FYfYebvZg8LJfYebvk
                                                                                              MD5:83DD0948C31E05C96839F252DA90E8E8
                                                                                              SHA1:063520594078039CD065F84204CEE26F03F82B93
                                                                                              SHA-256:4E6AD3E1E9E65E80DFA706585EA5A470AE3DB6B40BEF25CF79B7D3BB9EDBDAE7
                                                                                              SHA-512:3BFFC642FBDE8467CFA66AC9B51E4C730F92C7203877F2D14C400EF4A579ECBCFD95BBFA4F2613045869C85D652F69613E63E93851357ADE64A237BE47B9EEE1
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:00.213 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-19:22:00.214 1ed4 Recovering log #3.2024/09/05-19:22:00.217 1ed4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):193
                                                                                              Entropy (8bit):4.864047146590611
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                              MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                              SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                              SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                              SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):0.555790634850688
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                              MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                              SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                              SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                              SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):0.36515621748816035
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):111
                                                                                              Entropy (8bit):4.718418993774295
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                              MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                              SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                              SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                              SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):111
                                                                                              Entropy (8bit):4.718418993774295
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):193
                                                                                              Entropy (8bit):4.864047146590611
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                              MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                              SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                              SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                              SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):80
                                                                                              Entropy (8bit):3.4921535629071894
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                              Malicious:false
                                                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):420
                                                                                              Entropy (8bit):5.2485108377092065
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PeOIvYfYebvqBZFUt82ed/+2eAF5JfYebvqBaJ:gYfYebvyg8pXJfYebvL
                                                                                              MD5:4D64843DB99C988A039CAC0DBDFD1FEB
                                                                                              SHA1:A8F0AF1E877F6C90FF9CFB3FB969E500EBC8B9B5
                                                                                              SHA-256:B3E004DB2C7F993114C2734F19EEEA2DF990CF17D64848E31A2497E2D3BCB9F4
                                                                                              SHA-512:E1977044E03233EE6EBF01DD75E617C24713A47F0E258891E1E7AC6E5FF1A196E7D4F486131F28EF1A3D1D47EC69592FCE3CC5EF2626E5A0E9B07C1E6C10A13B
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:22:15.799 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-19:22:15.800 1ed4 Recovering log #3.2024/09/05-19:22:15.803 1ed4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):326
                                                                                              Entropy (8bit):5.214666683599383
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P75Gyq2Pwkn23oH+TcwtpIFUt827sr1Zmw+27s9RkwOwkn23oH+Tcwta/WLJ:PlbvYfYebmFUt82a1/+2c5JfYebaUJ
                                                                                              MD5:B917B8DFD8BDB2515FBF177449302958
                                                                                              SHA1:911201BBA4404A2DE097A4BFC5C35AADE3D3775B
                                                                                              SHA-256:5774C46AA4B977B139DF02E82BC8FEBC718AB4AD2CBFD924F2BAE50A3E3F507B
                                                                                              SHA-512:92C08690271596E8659039F4ACDED94BF95C19C0141A0B5A2DFBF9306C229771395D115728EA123E82F208F1BA18EABDF0DABA09A27850C6766E3F69E27279C1
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:58.439 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-19:21:58.440 1dc0 Recovering log #3.2024/09/05-19:21:58.440 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):0.26707851465859517
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                              MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                              SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                              SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                              SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):131072
                                                                                              Entropy (8bit):0.005567161523650777
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ImtVx//l/7V3k/tyE/l88Y/t:IiVt/n3k/4EtFYt
                                                                                              MD5:6CDCDCA20CC636F7F2084D659E5882A3
                                                                                              SHA1:617341FEFC06A913D07931BE3225C5640B1B48ED
                                                                                              SHA-256:D7D527F0205A31D49072D4C3C3CC0CDADB7B1F06FEB4836F6FB096DA33E986F1
                                                                                              SHA-512:1775A2E062E5D2A91A8935C86E4A97C1F7757D4B997467AC75C0810382DBA61C1775F89E13E845EA9A8D1B9484BAA3654B709D9D21803470A6E0E93F7F62C037
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                                              Category:dropped
                                                                                              Size (bytes):184320
                                                                                              Entropy (8bit):1.067204330359361
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:QSqzWMMUfTinGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYOwt9hn6:QrzWMffGnzkkqtXnTK+hNH+5EVumM
                                                                                              MD5:F0BD260C1924A614321C81B58204AAA4
                                                                                              SHA1:995DB559A7011BB752CE07BC10CB215689EFDDA0
                                                                                              SHA-256:AA1AF00E2E5DD7F78DD37D1E20572B5D112530C04175A58C1737BF38777A28F1
                                                                                              SHA-512:7A41F4C30142999857D04B2FF936F35A122851440F922818480818F8A5418606EAE09A140ECFD0F09FC6897874C3870FBA2C2F57809FA66118B820A4529FDFF2
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                                              Category:dropped
                                                                                              Size (bytes):14336
                                                                                              Entropy (8bit):1.4163310372690283
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgj2RyGU+m+cH2RyGU+mSxj/:PtSjGhp22iS3dURedUw
                                                                                              MD5:3087FD6C5082327B8E995289933B7FA5
                                                                                              SHA1:00647612256D606D1EEA13439C877D04F4A84E5F
                                                                                              SHA-256:84100209BC6782C337909F906BFF1D27D1EE2591B6FB37965E99984EEDE3857D
                                                                                              SHA-512:C008250439CD6601D4730463FB9FD661B2FF1CA3A521F0E6B2BA4C8BFC2BA1DE7EB8EFB8B13D8D435BB15C912614BE632DC57AF413DEC21C297B3670E55D29D6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):40960
                                                                                              Entropy (8bit):0.41235120905181716
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                              MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13518
                                                                                              Entropy (8bit):5.241765799737175
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVsLJ9pQTryZiuaba4uy9J0dmMVb8Yp358Opj+F34QAnqVa1f:sVsLLAJuiJ0d3bVpUIQ8qO
                                                                                              MD5:C91EE8AD4CDEE1EE428CB3A2F7F1526C
                                                                                              SHA1:B578718A7B3F18D026DDDC803A6FE04234DA5283
                                                                                              SHA-256:96449A8A785F1375FEF36971265618EE6601921EEB49CF2A1C66BF070E98978B
                                                                                              SHA-512:096AF51BAFD552C0410D5DCBA655E3800719A3B818D97782CFB5C3EEABA1CFA3DA7F25802A3A05B2BCDBA017A3AEB64755F9CB6871D85F6E806EBF38CF7F451A
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370052119937760","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):11755
                                                                                              Entropy (8bit):5.190465908239046
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                              Malicious:false
                                                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):39694
                                                                                              Entropy (8bit):5.562338740987916
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:N+EJfa7pLGLvKcWP+Ufe+8F1+UoAYDCx9Tuqh0VfUC9xbog/OVpa4/o22rw59KDj:N+EJfycvKcWP+Ufe+u1jaAa4A2T59I8A
                                                                                              MD5:75788337520C0CBC09CAEC8A3E4A661C
                                                                                              SHA1:5B54FDB93DFA8DF499564CA114EC1C086AE4519E
                                                                                              SHA-256:6CF39FB934F90533193A6EE8F9F0B1ACC781CBAFC9A7691765A5D44F99F803B2
                                                                                              SHA-512:6D542C5B468CDC68F6C76D7330FF2040E502B07B16FA5C8B26BF4384220521A0B2D7E79BED7041975CE5ADE8A027F8EA1F1A110D5CB92043B564F0C2B9C22F6C
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370052118397024","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370052118397024","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12910
                                                                                              Entropy (8bit):5.167035957146644
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:sVsLJ9pQTryZigaba4uy9J0dAb8Yp358Opj+F34QAnqVa1f:sVsLLA3uiJ0dAbVpUIQ8qO
                                                                                              MD5:4D9D02B37B34B462B676363F04CA2771
                                                                                              SHA1:E3F60888D215EBCE293414815E10F61DA85FFE72
                                                                                              SHA-256:53162BDC7FC2C5618F1F3D1D9D71AD35358BF0F8BCFA1D4468A2B8CC70AB3460
                                                                                              SHA-512:9C554A71B9D7BB8D7731432C99D79266FD4505E8CDBDD2F217D627BD327F4477D06097AA213231C305E9BD077CD35146D90B6773C292E8BFF1CF13D4A280A531
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370052119937760","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):0.3410017321959524
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):16384
                                                                                              Entropy (8bit):0.35226517389931394
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                              MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                              SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                              SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                              SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.09744724341714794
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:Ct30ASqot30ASyHFnnnnnnnnnnnnnnpEo:W3P43Xlnnnnnnnnnnnnnnpj
                                                                                              MD5:B470505F98338B6EA2A0F29C4B83E344
                                                                                              SHA1:C2F01B54C0F612323CE81130B7D9D10FD15E7E16
                                                                                              SHA-256:5FC04C447EB667388FF4FFC406A3418D0A59B86CF699CBA754A5F61789E9643D
                                                                                              SHA-512:DF470495851D2E1C14E823AD0BB27830BC28BFB561D91268CCF22743D33F884290A6A0B812E6E60E9123658CD33FAABC6A6D16A1C9777AA8F7A89AF12C3C986F
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                              Category:dropped
                                                                                              Size (bytes):296672
                                                                                              Entropy (8bit):1.0146155613384047
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:TQ5909+887MSBkJU0ksnUdkN/nUDkBpH/nUAk2d9H/nUGkrm9H/nUZkbU+m9H/nd:059LZQbsgB2hCZK4dXcyIsS
                                                                                              MD5:2A270C84EB33D15CBA317F10FB9AC89A
                                                                                              SHA1:51BE2C7A1612C63FEC40BF8438BE866282D77FF7
                                                                                              SHA-256:33D9B759E1031CF5A3D189A75064C1E1D7FF5A40605FDB9A60B3DACFA18A1163
                                                                                              SHA-512:692E96E4AAECE068F7F0B7F80CAE9E4F978D9C52759BFCD22652F77ECEFB2B0C9CFEE7808E195FD5607333BA69A780623055E2186CAE1C730D05998A08D6A7A0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):250
                                                                                              Entropy (8bit):3.696891878236998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:VVXntjQPEnjQchm/ll3seGKT9rcQ6x9yOtlTxotlTxotlTxotlTxotlTxotlTxoX:/XntM+Jwll3sedhOYOuuuuuu
                                                                                              MD5:CA500BDCF3F1014C6F1BB93DFB7C1986
                                                                                              SHA1:29FF93DA972FCECBB6B81EFA95F2C59C87E8F940
                                                                                              SHA-256:6C49AE6E0E76C0298C80E78DD6CD9500CE5C00BCC1280B9F83BA607E47956B07
                                                                                              SHA-512:491AB1D77CFA09E60928A980FD6160214843D21D518F0A903055E963F5141B6C498EBE611095E15C6B0369CC7CD20B8EED7DC413B736E40184ED13DA29C6A363
                                                                                              Malicious:false
                                                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1s..U0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):281
                                                                                              Entropy (8bit):5.215292999265151
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7RLc4RM1wkn23oH+Tcwtfrl2KLll7RLcQH0Vq2Pwkn23oH+TcwtfrK+IFUv:PR3RrfYeb1LnRhsvYfYeb23FUv
                                                                                              MD5:8A3B05D8D92B5B7528125F9885B3845A
                                                                                              SHA1:E64C4F4E0807BEDFB313528DCE8E0C0A8A314AE2
                                                                                              SHA-256:1501350AD64BF5F10F416F2550CA089217C88EBD5858A46D2BE910E67C30D6A1
                                                                                              SHA-512:016F9DA234E012793697715835BD2BE1DEEDF6BC3BB5A1057104898583115B4D0E1A6785FD9B632E7D5011C0B1FEC2F146B2A022DA4F6297754BF8BBA3F154F2
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:59.985 1db4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/05-19:21:59.991 1db4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):617
                                                                                              Entropy (8bit):3.9325179151892424
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                                                                                              MD5:AD15D72AA4792C14DDD002CED70E8245
                                                                                              SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                                                                                              SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                                                                                              SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                                                                                              Malicious:false
                                                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):299
                                                                                              Entropy (8bit):5.191005462253661
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7RLcDRM1wkn23oH+Tcwtfrzs52KLll7RLc1Vq2Pwkn23oH+TcwtfrzAdIFUv:PRURrfYebs9LnROvYfYeb9FUv
                                                                                              MD5:34CFA799E009540A3ECD17B3588FF115
                                                                                              SHA1:E8A506C01F853511C46ECCD8833437791AB8C1B0
                                                                                              SHA-256:F1110A75A6F2EC1B2B1ABA6D76A1963995FC0BB9CE2979A599A1BB5A8CB7D01F
                                                                                              SHA-512:CAF3C0F29AD660685601035D3C22E4712FE6A8335A85DB25998FF9584B19EAF5D4D5AD20A10AC471AC01E2DFA6F1B986C9CBEFE463F98355A08B39CEA93C2CFA
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-19:21:59.946 1db4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/05-19:21:59.982 1db4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNlCoFl:Ls3CoFl
                                                                                              MD5:35E8F35FA9416665C0AF4BA8BCEC3F41
                                                                                              SHA1:7D35A0F6F13F90B93A42A4E492387F33D313241C
                                                                                              SHA-256:D9EDC275D42618FA47BFE4C7CAEFC4A2457EE8BA5277026876E9E0666DACD103
                                                                                              SHA-512:EA0D01ED2281B9679869DDEFE9CF8C516E3C1C7155FFD0F4FC6151BC4142AA62227D9304E396999F069E49FD5AE0695CC9804334020BDD68E356A23066942864
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNl+ryYaa:Ls3+C
                                                                                              MD5:7EF8635FFC9690F8604A817814DAC606
                                                                                              SHA1:909EF40D73863BFD4CA5151F8BC27F9ECFA9D8CC
                                                                                              SHA-256:D4B966DC038744EC4AA47C009B3B5FF11D99035C9367F9E2A2E58BECBF127839
                                                                                              SHA-512:17A64781D37A75079ADC6BB88C335E927E96C4DDFC9FB1A341200EAF8FD7283B13EEDF1E8C51BAD83FC615B68A2CEC41ED5C843C1A95B8913527C5EF3FAC5CAC
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):120
                                                                                              Entropy (8bit):3.32524464792714
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                              Malicious:false
                                                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):13
                                                                                              Entropy (8bit):2.7192945256669794
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                              Malicious:false
                                                                                              Preview:117.0.2045.47
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):6820
                                                                                              Entropy (8bit):5.792997794200854
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:iaqkHfbmkR5ih/cI9URLl8RotoAMFVvlwhXMe4IbONIeTC6XQS0qGqk+Z4uj+rj1:akTmk+eiRUThs6qRAq1k8SPxVLZ7VTiq
                                                                                              MD5:CE26B049051DFAF0858E25297AA8D558
                                                                                              SHA1:11679E2693A10DBAFB60EC7B3EA339A94C1DCBF9
                                                                                              SHA-256:AF1F05E00F7847879C7BC15779A8108737EA5E2D70E3FD8A0BA5F79DC31EE01D
                                                                                              SHA-512:B390F7A53CA552D87586916D7D04A6B1F148BDB93F9FA6DDAAC94518D24C721E08DF847B3CF51C06002C69911CAB4C0012255BBAA47A6ECD926A57913D61E60B
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABHTztuAKm8RI9HQQEdwB+LEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACG6+H3tA3j2WOzE/hUTLqMaSoFQSIoTbQQc/sKqN0C7AAAAAA
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.5963118027796015
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.01057775872642915
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsFl:/F
                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.011852361981932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8192
                                                                                              Entropy (8bit):0.012340643231932763
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                              Category:dropped
                                                                                              Size (bytes):262512
                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:LsNl8A:Ls38A
                                                                                              MD5:F1A2E09227DD77A3E80EBBEC00CFDB4C
                                                                                              SHA1:8AFB31F0DFB87C8468B340F4C6FB8AA4FD85F7C8
                                                                                              SHA-256:D48B4E4A4C13B4E703EA4A6C8CD58F8C46F59D3F28AB27C2B2ECF614E199A5C0
                                                                                              SHA-512:3A95F3CDF5C94D3444E65417D7CADE3B4F7027B3BC7CBFF51133E77145006DCDFD99D272005BA705FB7808205B1458627A25F3CD33F1A9D1136E1D07A3E87238
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):47
                                                                                              Entropy (8bit):4.3818353308528755
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                              MD5:48324111147DECC23AC222A361873FC5
                                                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                              Malicious:false
                                                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):35
                                                                                              Entropy (8bit):4.014438730983427
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                              Malicious:false
                                                                                              Preview:{"forceServiceDetermination":false}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):29
                                                                                              Entropy (8bit):3.922828737239167
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:2NGw+K+:fwZ+
                                                                                              MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                              SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                              SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                              SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                              Malicious:false
                                                                                              Preview:customSynchronousLookupUris_0
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):35302
                                                                                              Entropy (8bit):7.99333285466604
                                                                                              Encrypted:true
                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):18
                                                                                              Entropy (8bit):3.5724312513221195
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                              MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                              SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                              SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                              SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                              Malicious:false
                                                                                              Preview:edgeSettings_2.0-0
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3581
                                                                                              Entropy (8bit):4.459693941095613
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                              MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                              SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                              SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                              SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                              Malicious:false
                                                                                              Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):47
                                                                                              Entropy (8bit):4.493433469104717
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                              MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                              SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                              SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                              SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                              Malicious:false
                                                                                              Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):35302
                                                                                              Entropy (8bit):7.99333285466604
                                                                                              Encrypted:true
                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):50
                                                                                              Entropy (8bit):3.9904355005135823
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                              Malicious:false
                                                                                              Preview:topTraffic_170540185939602997400506234197983529371
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):575056
                                                                                              Entropy (8bit):7.999649474060713
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):86
                                                                                              Entropy (8bit):4.389669793590032
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                                              MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                                              SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                                              SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                                              SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                                              Malicious:false
                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):8106
                                                                                              Entropy (8bit):5.813235543320242
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:asNATmkReiRU49QTk6FM6qRAq1k8SPxVLZ7VTiq:asNASkhlCQ6FM6q3QxVNZTiq
                                                                                              MD5:3EDACCFAA6880A891C447259EAC114AF
                                                                                              SHA1:B414153BFBA22A4A2435A93E9879EF80AD09B9BA
                                                                                              SHA-256:66BC2740C8FDBB0ED953A9B33B21AA837B5E7A7A0F811D88FAA94BCD12D98280
                                                                                              SHA-512:D8F45BA3BBE9E9FB629CA4BD204CC8B55CBCD5F1D3D6242367A4902CCCF95114E3BCFEE248460B9ACF858130E4FFE24B2237A6C5601B353ABEA3D66107594511
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):8321
                                                                                              Entropy (8bit):5.785927589584663
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:fsNwTmkReiRUNojKlk6/T6qRAq1k8SPxVLZ7VTiQ:fsNwSkhouK26b6q3QxVNZTiQ
                                                                                              MD5:52D6F192820CA72E1397F55D1CEAEA0C
                                                                                              SHA1:39A74309F8B4CE83EE037684384B4A057474FE00
                                                                                              SHA-256:A4AC7FA11BF243E427B86F67BBA2CA79E62950B395CF4A465ADC2A76EF0AD306
                                                                                              SHA-512:3917F9F0ADB7796740C74EDD59F94E32D495CA9D3FDCDC3CAA91B52F111C44D199FEE414BADBDB1AD005BA1EF91B72E677CBA819FFB029566126F0336709A2E7
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):25053
                                                                                              Entropy (8bit):6.030851993119657
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:BMGQ7FCYXGIgtDAWtJ4E1o+/qAfT7K266S3xXNd:BMGQ5XMB313ooMXNd
                                                                                              MD5:756410D4E10931E98AF5562866F99E3F
                                                                                              SHA1:9454A0E90773F466524E4323C5545EE47B273DE4
                                                                                              SHA-256:3D59C47158B6F4279B8A771F70EB87EBA9F4A79A869D0D6CC97E986731B8072A
                                                                                              SHA-512:570CDA624E8CA2143A29902993A4E01B8E17397B3B51F27EF8C4F8FD53D439E3B5F493D64F4FF5369DA8A8EE7B3B6931689097E14C7F7FD18D63F9C505598DDE
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370052120098523","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):8106
                                                                                              Entropy (8bit):5.813235543320242
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:asNATmkReiRU49QTk6FM6qRAq1k8SPxVLZ7VTiq:asNASkhlCQ6FM6q3QxVNZTiq
                                                                                              MD5:3EDACCFAA6880A891C447259EAC114AF
                                                                                              SHA1:B414153BFBA22A4A2435A93E9879EF80AD09B9BA
                                                                                              SHA-256:66BC2740C8FDBB0ED953A9B33B21AA837B5E7A7A0F811D88FAA94BCD12D98280
                                                                                              SHA-512:D8F45BA3BBE9E9FB629CA4BD204CC8B55CBCD5F1D3D6242367A4902CCCF95114E3BCFEE248460B9ACF858130E4FFE24B2237A6C5601B353ABEA3D66107594511
                                                                                              Malicious:false
                                                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):2278
                                                                                              Entropy (8bit):3.8478847131896066
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:uiTrlKxrgxAJxl9Il8u/foIiq2M3ZxGbRvUzd1rc:mj9YJfoIiwubaU
                                                                                              MD5:E737968F0D279FEF2AD3DF00A09ABE1D
                                                                                              SHA1:D41D84C55EE0844E525F6536F17AF28BFD9A306B
                                                                                              SHA-256:7407F63AFB8C2E7ABE45F45C401860C758810CAC179919E5C61E490B7D6C9BC5
                                                                                              SHA-512:EF0EF79DA6EACE3FDEDE9346A30DE69E88AAAF10A131ECF05B0E044A7203BB03CCF6B7C618F07805B348BA28897AFB94B080B2BB9D8DBC1A7AB261243E5DC4F5
                                                                                              Malicious:false
                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.E.f.3.y./.L./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.0.8.7.b.g.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4622
                                                                                              Entropy (8bit):3.999683715890977
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:a8YJfYU3Cx7T+PEVSnFHDbIaelNU+ZRm33OEWDbX0:l0fYUWT+USFnuNU+mBWM
                                                                                              MD5:B11E00E2E22965AD1A62AA95D4D6456B
                                                                                              SHA1:349CBD93FEFB7E2811D4B23023E33E22CCF41D47
                                                                                              SHA-256:2E5467C121D6D54C025ACDE03364EAD681A86A4673D279DD76F1873C0FDBBA4E
                                                                                              SHA-512:091AE859B17B150617CE26780F811D411ADF9D8DC06CDE685A5BBCCEF6F7F0A01C14D7EFAFC4F2349B966C23A1896918662671FFAB95391455E4810C6691625E
                                                                                              Malicious:false
                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.r.+.+.s.e.r./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.0.8.7.b.g.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 695599
                                                                                              Category:dropped
                                                                                              Size (bytes):530040
                                                                                              Entropy (8bit):7.998053685663942
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:G1R8Gfv7zfAegwBbDLTpYZBWqYw902JbUVMf+xVmY6ChWH1:SrvvBbnTABEw9LhG2+xVmYbK
                                                                                              MD5:D2453C4B7984CA98FED59E6DDCB5A88C
                                                                                              SHA1:BA6EAAD0158C7C363F4033F75A215EF5D5A57662
                                                                                              SHA-256:943E51E4D840AA8B0D6696428AFE6D3C9AAF6D7001AFD7C5C40ED9EFA02B11E6
                                                                                              SHA-512:86DC371D91B15877ADBAD8E410FF87146DEFBB60DE48DE02F7353219FCFB3DD2C9679B051D3D246FE715DD6F64FFC3CECDE32B9932CE4485279FC693D48FAE22
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                              Category:dropped
                                                                                              Size (bytes):206855
                                                                                              Entropy (8bit):7.983996634657522
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                                              Category:dropped
                                                                                              Size (bytes):76319
                                                                                              Entropy (8bit):7.996132588300074
                                                                                              Encrypted:true
                                                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                                              MD5:24439F0E82F6A60E541FB2697F02043F
                                                                                              SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                                              SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                                              SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):135751
                                                                                              Entropy (8bit):7.804610863392373
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):11185
                                                                                              Entropy (8bit):7.951995436832936
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):353
                                                                                              Entropy (8bit):5.353061578088976
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:YEp3DRHJXUYKu56s/up3DRbZhrUP8QJjDrwv/up3DR6gKvJ56s/C:YS3tHJHv56s/Y3tb3b0Dkv/Y3t6rB56R
                                                                                              MD5:55DFB70BD6A828E5191299391DC0AF91
                                                                                              SHA1:F5A8EFE5EDCC5CF8F906BD2959584C6ABCA57BCD
                                                                                              SHA-256:23AF50745962819CDFD9A2B73A129A01E083F2A4BBA41F54E48593AEE026E2C3
                                                                                              SHA-512:510A3278DCC5943BCE43CAB63A87F80A06E7FFE565F7BC78E384B7B6A3D6531F6893C553A5CEDB62D41173697E94292831170F275AE9C4A46ED8432DFBEC1D3A
                                                                                              Malicious:false
                                                                                              Preview:{"logTime": "0905/232204", "correlationVector":"IF4r26AOnh/1PcsUDKDX4x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0905/232204", "correlationVector":"C9FA571C49BD4384B09DBD0C51B9EAA4","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0905/232204", "correlationVector":"eoRY9VQ+xJdpjE3zBEAWWp","action":"EXTENSION_UPDATER", "result":""}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.4593089050301797
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                              Malicious:false
                                                                                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):135751
                                                                                              Entropy (8bit):7.804610863392373
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):4982
                                                                                              Entropy (8bit):7.929761711048726
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):908
                                                                                              Entropy (8bit):4.512512697156616
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1285
                                                                                              Entropy (8bit):4.702209356847184
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1244
                                                                                              Entropy (8bit):4.5533961615623735
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):977
                                                                                              Entropy (8bit):4.867640976960053
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3107
                                                                                              Entropy (8bit):3.535189746470889
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1389
                                                                                              Entropy (8bit):4.561317517930672
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1763
                                                                                              Entropy (8bit):4.25392954144533
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):930
                                                                                              Entropy (8bit):4.569672473374877
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):913
                                                                                              Entropy (8bit):4.947221919047
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):806
                                                                                              Entropy (8bit):4.815663786215102
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):883
                                                                                              Entropy (8bit):4.5096240460083905
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1031
                                                                                              Entropy (8bit):4.621865814402898
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1613
                                                                                              Entropy (8bit):4.618182455684241
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):851
                                                                                              Entropy (8bit):4.4858053753176526
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):848
                                                                                              Entropy (8bit):4.494568170878587
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1425
                                                                                              Entropy (8bit):4.461560329690825
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                              Malicious:false
                                                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):961
                                                                                              Entropy (8bit):4.537633413451255
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):959
                                                                                              Entropy (8bit):4.570019855018913
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):968
                                                                                              Entropy (8bit):4.633956349931516
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                              MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):838
                                                                                              Entropy (8bit):4.4975520913636595
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1305
                                                                                              Entropy (8bit):4.673517697192589
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):911
                                                                                              Entropy (8bit):4.6294343834070935
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):939
                                                                                              Entropy (8bit):4.451724169062555
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                              MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):977
                                                                                              Entropy (8bit):4.622066056638277
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):972
                                                                                              Entropy (8bit):4.621319511196614
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                              MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):990
                                                                                              Entropy (8bit):4.497202347098541
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                              MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                              SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                              SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                              SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1658
                                                                                              Entropy (8bit):4.294833932445159
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                              MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                              SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                              SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                              SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1672
                                                                                              Entropy (8bit):4.314484457325167
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):935
                                                                                              Entropy (8bit):4.6369398601609735
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1065
                                                                                              Entropy (8bit):4.816501737523951
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                              MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                              SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                              SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                              SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2771
                                                                                              Entropy (8bit):3.7629875118570055
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                              MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                              SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                              SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                              SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):858
                                                                                              Entropy (8bit):4.474411340525479
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):954
                                                                                              Entropy (8bit):4.631887382471946
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):899
                                                                                              Entropy (8bit):4.474743599345443
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2230
                                                                                              Entropy (8bit):3.8239097369647634
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1160
                                                                                              Entropy (8bit):5.292894989863142
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3264
                                                                                              Entropy (8bit):3.586016059431306
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3235
                                                                                              Entropy (8bit):3.6081439490236464
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3122
                                                                                              Entropy (8bit):3.891443295908904
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1880
                                                                                              Entropy (8bit):4.295185867329351
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1042
                                                                                              Entropy (8bit):5.3945675025513955
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2535
                                                                                              Entropy (8bit):3.8479764584971368
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1028
                                                                                              Entropy (8bit):4.797571191712988
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):994
                                                                                              Entropy (8bit):4.700308832360794
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                              MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                              SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                              SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                              SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2091
                                                                                              Entropy (8bit):4.358252286391144
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                              MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                              SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                              SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                              SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2778
                                                                                              Entropy (8bit):3.595196082412897
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                              MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                              SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                              SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                              SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1719
                                                                                              Entropy (8bit):4.287702203591075
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):936
                                                                                              Entropy (8bit):4.457879437756106
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                              MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3830
                                                                                              Entropy (8bit):3.5483353063347587
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                              MD5:342335A22F1886B8BC92008597326B24
                                                                                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1898
                                                                                              Entropy (8bit):4.187050294267571
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):914
                                                                                              Entropy (8bit):4.513485418448461
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):878
                                                                                              Entropy (8bit):4.4541485835627475
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                              MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2766
                                                                                              Entropy (8bit):3.839730779948262
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):978
                                                                                              Entropy (8bit):4.879137540019932
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                              MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                              SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                              SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                              SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):907
                                                                                              Entropy (8bit):4.599411354657937
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                              MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                              SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                              SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                              SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):914
                                                                                              Entropy (8bit):4.604761241355716
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                              MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                              SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                              SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                              SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):937
                                                                                              Entropy (8bit):4.686555713975264
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                              MD5:BED8332AB788098D276B448EC2B33351
                                                                                              SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                              SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                              SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1337
                                                                                              Entropy (8bit):4.69531415794894
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                              MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2846
                                                                                              Entropy (8bit):3.7416822879702547
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):934
                                                                                              Entropy (8bit):4.882122893545996
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                              MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):963
                                                                                              Entropy (8bit):4.6041913416245
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1320
                                                                                              Entropy (8bit):4.569671329405572
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                              MD5:7F5F8933D2D078618496C67526A2B066
                                                                                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):884
                                                                                              Entropy (8bit):4.627108704340797
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):980
                                                                                              Entropy (8bit):4.50673686618174
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                              MD5:D0579209686889E079D87C23817EDDD5
                                                                                              SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                              SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                              SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1941
                                                                                              Entropy (8bit):4.132139619026436
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                              MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                              SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                              SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                              SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1969
                                                                                              Entropy (8bit):4.327258153043599
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                              MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                              SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                              SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                              SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1674
                                                                                              Entropy (8bit):4.343724179386811
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                              MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                              SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                              SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                              SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1063
                                                                                              Entropy (8bit):4.853399816115876
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                              MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                              SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                              SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                              SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1333
                                                                                              Entropy (8bit):4.686760246306605
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                              MD5:970963C25C2CEF16BB6F60952E103105
                                                                                              SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                              SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                              SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1263
                                                                                              Entropy (8bit):4.861856182762435
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                              MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1074
                                                                                              Entropy (8bit):5.062722522759407
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):879
                                                                                              Entropy (8bit):5.7905809868505544
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1205
                                                                                              Entropy (8bit):4.50367724745418
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):843
                                                                                              Entropy (8bit):5.76581227215314
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):912
                                                                                              Entropy (8bit):4.65963951143349
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):11280
                                                                                              Entropy (8bit):5.754230909218899
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                                              Malicious:false
                                                                                              Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):854
                                                                                              Entropy (8bit):4.284628987131403
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                              Malicious:false
                                                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2525
                                                                                              Entropy (8bit):5.417689528134667
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                                              MD5:10FF8E5B674311683D27CE1879384954
                                                                                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                                              Malicious:false
                                                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:HTML document, ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):97
                                                                                              Entropy (8bit):4.862433271815736
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                              Malicious:false
                                                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (4369)
                                                                                              Category:dropped
                                                                                              Size (bytes):95567
                                                                                              Entropy (8bit):5.4016395763198135
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):291
                                                                                              Entropy (8bit):4.65176400421739
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                              Malicious:false
                                                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (4369)
                                                                                              Category:dropped
                                                                                              Size (bytes):103988
                                                                                              Entropy (8bit):5.389407461078688
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                                              MD5:EA946F110850F17E637B15CF22B82837
                                                                                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1753
                                                                                              Entropy (8bit):5.8889033066924155
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):9815
                                                                                              Entropy (8bit):6.1716321262973315
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):10388
                                                                                              Entropy (8bit):6.174387413738973
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):962
                                                                                              Entropy (8bit):5.698567446030411
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                              Malicious:false
                                                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):11185
                                                                                              Entropy (8bit):7.951995436832936
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                              Category:dropped
                                                                                              Size (bytes):453023
                                                                                              Entropy (8bit):7.997718157581587
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                              MD5:85430BAED3398695717B0263807CF97C
                                                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):24
                                                                                              Entropy (8bit):3.91829583405449
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                              Malicious:false
                                                                                              Preview:{"schema":6,"addons":[]}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):24
                                                                                              Entropy (8bit):3.91829583405449
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                              Malicious:false
                                                                                              Preview:{"schema":6,"addons":[]}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.017262956703125623
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                              Category:dropped
                                                                                              Size (bytes):66
                                                                                              Entropy (8bit):4.837595020998689
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                              Malicious:false
                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                              Category:dropped
                                                                                              Size (bytes):66
                                                                                              Entropy (8bit):4.837595020998689
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                              Malicious:false
                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):36830
                                                                                              Entropy (8bit):5.185924656884556
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                              Malicious:false
                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):36830
                                                                                              Entropy (8bit):5.185924656884556
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                              Malicious:false
                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1021904
                                                                                              Entropy (8bit):6.648417932394748
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: file.exe, Detection: malicious
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):116
                                                                                              Entropy (8bit):4.968220104601006
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                              Malicious:false
                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):11292
                                                                                              Entropy (8bit):5.531343489966643
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:InaRtZYbBp6ihj4qyaaXk6KtrkfGNBw8rYSl:/egqIuYcwp0
                                                                                              MD5:291729509F355DF0AE4664C4556DD642
                                                                                              SHA1:E1AD622E4574B97FECC59E9BF066826F3E562D83
                                                                                              SHA-256:2C398322B0B7D20B49525452569DB8DC90E772390A49EAA3E1F6D53132589363
                                                                                              SHA-512:5AED9A62AB86ED82C1BB41DD9277D21A2BED21034899979A0FD70B1D5598668AC119E80F75DE752DA1C4D5241FA2A4D8C6180A8EEB54B819C9FD32F6CD4ADB39
                                                                                              Malicious:false
                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725584624);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725584624);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):11292
                                                                                              Entropy (8bit):5.531343489966643
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:InaRtZYbBp6ihj4qyaaXk6KtrkfGNBw8rYSl:/egqIuYcwp0
                                                                                              MD5:291729509F355DF0AE4664C4556DD642
                                                                                              SHA1:E1AD622E4574B97FECC59E9BF066826F3E562D83
                                                                                              SHA-256:2C398322B0B7D20B49525452569DB8DC90E772390A49EAA3E1F6D53132589363
                                                                                              SHA-512:5AED9A62AB86ED82C1BB41DD9277D21A2BED21034899979A0FD70B1D5598668AC119E80F75DE752DA1C4D5241FA2A4D8C6180A8EEB54B819C9FD32F6CD4ADB39
                                                                                              Malicious:false
                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725584624);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725584624);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):53
                                                                                              Entropy (8bit):4.136624295551173
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                                              MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                                              SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                                              SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                                              SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                                              Malicious:false
                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                                              Category:dropped
                                                                                              Size (bytes):272
                                                                                              Entropy (8bit):5.491511057522698
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3S0Es6tVaJNzdDdCQ:vLz2S+EWDDoWqC+bfPK32s6Md9
                                                                                              MD5:F582AA91673E70410103506B375328CF
                                                                                              SHA1:CEDA71D1536FD5144342EBEC766ED3C873899E5E
                                                                                              SHA-256:E68D7F9FBEDFCFF6FE39EC3872AB8B57B30BBA7CDDF64AE27888BAC5156EC904
                                                                                              SHA-512:C892F8CD52DB7808A0569F5176F435C7C22F4004743177D9CCF921A5AB98C531AF76959140EFC849B112AFB9B6E52C6C010FFD7E291205E41F2EB594E9D2CE7C
                                                                                              Malicious:false
                                                                                              Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1725584611450,"startTim...$591239,"recentCrashes":0},"global":{},"cookies":[]}
                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Entropy (8bit):6.579620624856707
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                              File name:file.exe
                                                                                              File size:917'504 bytes
                                                                                              MD5:33c800ae059656e1c13d9bbbf80c9865
                                                                                              SHA1:18528819cdf8189263a347dd76a9da563e467ca3
                                                                                              SHA256:6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054
                                                                                              SHA512:07ab0d0d9b122c842c4f84f5d9b76d1e899eb948098e9d0cb23550612e78e47e5354a43eae25208e742ff548b257a9f43a63e3197946446d7b4fc5259505d8ae
                                                                                              SSDEEP:12288:lqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTL:lqDEvCTbMWu7rQYlBQcBiT6rprG8avL
                                                                                              TLSH:48159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                              Icon Hash:aaf3e3e3938382a0
                                                                                              Entrypoint:0x420577
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0x66DA2FA1 [Thu Sep 5 22:24:33 2024 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:5
                                                                                              OS Version Minor:1
                                                                                              File Version Major:5
                                                                                              File Version Minor:1
                                                                                              Subsystem Version Major:5
                                                                                              Subsystem Version Minor:1
                                                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                              Instruction
                                                                                              Programming Language:
                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | 1a146f459dbcd284d691c92d2bb497fb | False | 0.2811197916666667 | data | 5.161879992648867 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Sep 6, 2024 01:22:04.399418116 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.399425030 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.405622959 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.405682087 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.405689955 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.411895990 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.411931038 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.411937952 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.418210030 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.418256044 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.418266058 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.424423933 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.424473047 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.424485922 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.472166061 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.472207069 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.472222090 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.472863913 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.472898960 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.472907066 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.479072094 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.479190111 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.479197979 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.485325098 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.485367060 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.485373974 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.491600990 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.491651058 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.491658926 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.504287004 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.504317045 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.504328012 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.504339933 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.504379988 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.504384995 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.510409117 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.510452986 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.510462999 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.516551018 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.516590118 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.516598940 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.522517920 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.522902012 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.522910118 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.527834892 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.528008938 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.528017044 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.533308983 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.533416986 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.533426046 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.538672924 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.538789034 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.538796902 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.544194937 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.544255972 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.544262886 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.549590111 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.553808928 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.553817987 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.555110931 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.555202007 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.555210114 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.560440063 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.560705900 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.560714006 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.564332962 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.564443111 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.564451933 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.568228006 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.568298101 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.568305969 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.571974993 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.572057009 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.572067022 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.575449944 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.575634956 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.575644016 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.578926086 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.578994989 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.579003096 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.582395077 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.585764885 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.585788012 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.585803032 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.586503029 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.586508989 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.589349031 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.592320919 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.592329979 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.592828035 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.592911959 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.592919111 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.596218109 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.596740961 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.596750975 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.599720001 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.601083994 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.601093054 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.603179932 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.606770039 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.606796980 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.606806993 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.607362032 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.607369900 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.610193014 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.614773035 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.614803076 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.614814043 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.617178917 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.617187023 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.617304087 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.618334055 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.618341923 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.620573997 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.620671034 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.620677948 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.624131918 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.624245882 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.624252081 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.627897024 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.628051996 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.628058910 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.630882025 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.631093025 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.631102085 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.634263992 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.634403944 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.634412050 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.637671947 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.638091087 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.638098955 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.640497923 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.640536070 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.640691996 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.640703917 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.640775919 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.643567085 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.646603107 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.646756887 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.646764040 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.646775007 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:04.646850109 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.685071945 CEST49742443192.168.2.4142.250.184.193
                                                                                              Sep 6, 2024 01:22:04.685097933 CEST44349742142.250.184.193192.168.2.4
                                                                                              Sep 6, 2024 01:22:05.745764017 CEST4975453192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:05.750531912 CEST53497541.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:05.750596046 CEST4975453192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:05.750689030 CEST4975453192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:05.750741959 CEST4975453192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:05.755584955 CEST53497541.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:05.755595922 CEST53497541.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:06.060273886 CEST49755443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.060326099 CEST44349755162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:06.060376883 CEST49755443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.060655117 CEST49755443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.060672045 CEST44349755162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:06.063174963 CEST49756443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.063201904 CEST44349756162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:06.063386917 CEST49756443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.064024925 CEST49756443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.064038992 CEST44349756162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:06.191817045 CEST49760443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.191867113 CEST44349760162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:06.191940069 CEST49760443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.201061964 CEST49761443192.168.2.413.107.246.51
                                                                                              Sep 6, 2024 01:22:06.201086044 CEST4434976113.107.246.51192.168.2.4
                                                                                              Sep 6, 2024 01:22:06.201208115 CEST49761443192.168.2.413.107.246.51
                                                                                              Sep 6, 2024 01:22:06.201929092 CEST49760443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:06.201941013 CEST44349760162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:06.204844952 CEST49761443192.168.2.413.107.246.51
                                                                                              Sep 6, 2024 01:22:06.204860926 CEST4434976113.107.246.51192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.339485884 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.339618921 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.352380037 CEST49771443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.423381090 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.423409939 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.424561977 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.424602985 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.424669981 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.424685955 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.425587893 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.425602913 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.426290989 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.426354885 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.426361084 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.426631927 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.426662922 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.427241087 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.427258968 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.428370953 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.428548098 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.428553104 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.428654909 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.457047939 CEST49775443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:08.457077980 CEST4434977535.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.468126059 CEST49775443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:08.488507032 CEST49775443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:08.488521099 CEST4434977535.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.510087013 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.510104895 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.510833979 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.510873079 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.511491060 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.511502028 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.511543036 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.511558056 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.515929937 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.515940905 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.531152010 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.531163931 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.531172037 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.531178951 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.531208038 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.536660910 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.536669016 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.536696911 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.540330887 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.540335894 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.540344000 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.540366888 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.546150923 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.546150923 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.546164036 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.546185017 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.549031019 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.554784060 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.554794073 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.554811954 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.554820061 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.555530071 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.555541992 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.555563927 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.561397076 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.561445951 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.564713001 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.564744949 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.581945896 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.596987009 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.596993923 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597034931 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597045898 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597450018 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597459078 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597481012 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597489119 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597796917 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597810984 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597843885 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.597851992 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.598097086 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.598108053 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.598277092 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.598293066 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.598301888 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.598309040 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.598371029 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.598397970 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.598448038 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.603802919 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.717037916 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.720103979 CEST44349773162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.732342005 CEST44349772162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.751811028 CEST49773443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.751827002 CEST44349773162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.752204895 CEST44349773162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.752902031 CEST49772443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.752913952 CEST44349772162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.753259897 CEST44349772162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.760003090 CEST49773443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.760066986 CEST44349773162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.803750992 CEST49772443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.803834915 CEST44349772162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.858388901 CEST49776443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:08.858431101 CEST44349776142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.858537912 CEST49776443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:08.858964920 CEST49777443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:08.858994007 CEST44349777142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.859744072 CEST49776443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:08.859765053 CEST44349776142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.859822035 CEST49773443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.859827995 CEST49777443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:08.860362053 CEST49777443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:08.860374928 CEST44349777142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.873806953 CEST49770443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.873821020 CEST4434977013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.905972004 CEST49772443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.957046986 CEST4434977535.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.957061052 CEST4434977535.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.959511995 CEST49775443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:08.967761993 CEST49775443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:08.967768908 CEST4434977535.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.967876911 CEST49775443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:08.967927933 CEST4434977535.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.972265005 CEST49775443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:08.981285095 CEST49779443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.981314898 CEST4434977913.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.982067108 CEST49780443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.982086897 CEST4434978013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.982296944 CEST49781443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.982305050 CEST4434978113.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.982661009 CEST49782443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.982666969 CEST4434978213.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.982906103 CEST49783443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.982918024 CEST4434978313.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.983917952 CEST49784443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.983925104 CEST4434978413.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.988315105 CEST49779443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.988315105 CEST49780443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.988337040 CEST49781443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.988337040 CEST49782443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.988388062 CEST49783443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.988795996 CEST49779443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.988814116 CEST4434977913.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.988935947 CEST49780443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.988935947 CEST49784443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.988951921 CEST4434978013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.989731073 CEST49781443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.989746094 CEST4434978113.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.989943027 CEST49782443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.989955902 CEST4434978213.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.990451097 CEST49783443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.990464926 CEST4434978313.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.990695953 CEST49784443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:08.990708113 CEST4434978413.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.183367014 CEST49785443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:09.183408022 CEST44349785184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.183726072 CEST49785443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:09.185704947 CEST49785443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:09.185719013 CEST44349785184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.324362040 CEST44349776142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.326615095 CEST49776443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:09.326646090 CEST44349776142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.327029943 CEST44349776142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.327723980 CEST44349776142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.327975035 CEST49776443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:09.327986956 CEST44349776142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.329380035 CEST49776443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:09.329444885 CEST44349776142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.329618931 CEST49776443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:09.345555067 CEST44349777142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.345859051 CEST49777443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:09.345873117 CEST44349777142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.346224070 CEST44349777142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.319925070 CEST4979380192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:11.320590973 CEST4979380192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:11.325381994 CEST804979334.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.411314964 CEST4978980192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:11.426443100 CEST44349791142.250.176.202192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.426650047 CEST49791443192.168.2.4142.250.176.202
                                                                                              Sep 6, 2024 01:22:11.426668882 CEST44349791142.250.176.202192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.427922010 CEST44349791142.250.176.202192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.427982092 CEST49791443192.168.2.4142.250.176.202
                                                                                              Sep 6, 2024 01:22:11.428895950 CEST49791443192.168.2.4142.250.176.202
                                                                                              Sep 6, 2024 01:22:11.428956032 CEST44349791142.250.176.202192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.429063082 CEST49791443192.168.2.4142.250.176.202
                                                                                              Sep 6, 2024 01:22:11.429070950 CEST44349791142.250.176.202192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.560137987 CEST49791443192.168.2.4142.250.176.202
                                                                                              Sep 6, 2024 01:22:11.566493988 CEST44349791142.250.176.202192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.566575050 CEST44349791142.250.176.202192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.566633940 CEST49791443192.168.2.4142.250.176.202
                                                                                              Sep 6, 2024 01:22:11.567235947 CEST49791443192.168.2.4142.250.176.202
                                                                                              Sep 6, 2024 01:22:11.567253113 CEST44349791142.250.176.202192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.597783089 CEST4434979013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.597996950 CEST49790443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:11.598009109 CEST4434979013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.598334074 CEST4434979013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.598676920 CEST49790443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:11.598737001 CEST4434979013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.598803043 CEST49790443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:11.640501976 CEST4434979013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.688069105 CEST44349792184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.688149929 CEST49792443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:11.689289093 CEST49792443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:11.689300060 CEST44349792184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.689518929 CEST44349792184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.690501928 CEST49792443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:11.702728033 CEST4434979013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.702776909 CEST4434979013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.702827930 CEST49790443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:11.703660965 CEST49790443192.168.2.413.107.246.40
                                                                                              Sep 6, 2024 01:22:11.703677893 CEST4434979013.107.246.40192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.732506990 CEST44349792184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.771297932 CEST804979334.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.960645914 CEST4979380192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:11.967570066 CEST44349792184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.967644930 CEST44349792184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.968528032 CEST49792443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:11.969279051 CEST49792443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:11.969279051 CEST49792443192.168.2.4184.28.90.27
                                                                                              Sep 6, 2024 01:22:11.969295025 CEST44349792184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.969304085 CEST44349792184.28.90.27192.168.2.4
                                                                                              Sep 6, 2024 01:22:15.891355038 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:15.891396046 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:15.891611099 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:15.892617941 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:15.892631054 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:16.595658064 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:16.595760107 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:16.598459959 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:16.598469019 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:16.598706961 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:16.648036003 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:17.298598051 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:17.344502926 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.530508041 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.530527115 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.530534029 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.530545950 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.530580997 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.530605078 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:17.530611992 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.530623913 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:17.530663967 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:17.530955076 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.531033993 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:17.534919977 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:18.380500078 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:18.380500078 CEST49794443192.168.2.413.85.23.86
                                                                                              Sep 6, 2024 01:22:18.380522966 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:18.380532026 CEST4434979413.85.23.86192.168.2.4
                                                                                              Sep 6, 2024 01:22:21.310575962 CEST4978980192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:21.315522909 CEST804978934.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:21.771637917 CEST4979380192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:21.776459932 CEST804979334.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:22.572354078 CEST44349768162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:22.572413921 CEST44349769162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:22.572427034 CEST44349768162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:22.572503090 CEST44349769162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:22.572695017 CEST49768443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:22.572774887 CEST49769443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:23.628885031 CEST44349773162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:23.628957033 CEST44349773162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:23.629151106 CEST49773443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:23.638658047 CEST44349772162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:23.638725042 CEST44349772162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:23.638792992 CEST49772443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:27.401526928 CEST44349771104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:27.401612043 CEST44349771104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:27.401725054 CEST49771443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:31.321132898 CEST4978980192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:31.325900078 CEST804978934.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:31.786756992 CEST4979380192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:31.791702986 CEST804979334.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.612514973 CEST49800443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:36.612540960 CEST4434980035.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.612803936 CEST49801443192.168.2.435.244.181.201
                                                                                              Sep 6, 2024 01:22:36.612812042 CEST4434980135.244.181.201192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.613270044 CEST49800443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:36.613341093 CEST49801443192.168.2.435.244.181.201
                                                                                              Sep 6, 2024 01:22:36.614533901 CEST49800443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:36.614546061 CEST4434980035.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.614664078 CEST49801443192.168.2.435.244.181.201
                                                                                              Sep 6, 2024 01:22:36.614670992 CEST4434980135.244.181.201192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.622267008 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:36.622289896 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.622462988 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:36.622621059 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:36.622631073 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.026232958 CEST49803443192.168.2.452.222.236.80
                                                                                              Sep 6, 2024 01:22:37.026287079 CEST4434980352.222.236.80192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.026369095 CEST49803443192.168.2.452.222.236.80
                                                                                              Sep 6, 2024 01:22:37.026477098 CEST49803443192.168.2.452.222.236.80
                                                                                              Sep 6, 2024 01:22:37.026489019 CEST4434980352.222.236.80192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.072832108 CEST4434980035.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.072896957 CEST49800443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:37.077181101 CEST49800443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:37.077188969 CEST4434980035.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.077290058 CEST49800443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:37.077336073 CEST4434980035.190.72.216192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.077444077 CEST49800443192.168.2.435.190.72.216
                                                                                              Sep 6, 2024 01:22:37.079313040 CEST4978980192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:37.084096909 CEST804978934.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.086429119 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.086496115 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.089061975 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.089073896 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.089287996 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.091448069 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.091587067 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.091595888 CEST4434980234.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.091705084 CEST49802443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.092031956 CEST49804443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.092056036 CEST4434980434.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.092108011 CEST49804443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.092232943 CEST49804443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.092241049 CEST4434980434.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.101442099 CEST4434980135.244.181.201192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.101505995 CEST49801443192.168.2.435.244.181.201
                                                                                              Sep 6, 2024 01:22:37.104146957 CEST49801443192.168.2.435.244.181.201
                                                                                              Sep 6, 2024 01:22:37.104154110 CEST4434980135.244.181.201192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.104356050 CEST4434980135.244.181.201192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.106451035 CEST49801443192.168.2.435.244.181.201
                                                                                              Sep 6, 2024 01:22:37.106539011 CEST49801443192.168.2.435.244.181.201
                                                                                              Sep 6, 2024 01:22:37.106591940 CEST4434980135.244.181.201192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.107036114 CEST49801443192.168.2.435.244.181.201
                                                                                              Sep 6, 2024 01:22:37.107644081 CEST4979380192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:37.112628937 CEST804979334.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.112677097 CEST4979380192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:37.175270081 CEST804978934.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.175653934 CEST4978980192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:37.180762053 CEST804978934.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.180825949 CEST4978980192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:37.185512066 CEST4980580192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:37.190310001 CEST804980534.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.190385103 CEST4980580192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:37.190490007 CEST4980580192.168.2.434.107.221.82
                                                                                              Sep 6, 2024 01:22:37.195266962 CEST804980534.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.814986944 CEST804980534.107.221.82192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.817116976 CEST4434980434.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.817203999 CEST49804443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.820535898 CEST49804443192.168.2.434.149.100.209
                                                                                              Sep 6, 2024 01:22:37.820544004 CEST4434980434.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.820769072 CEST4434980434.149.100.209192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.821867943 CEST4434980352.222.236.80192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.822844028 CEST49804443192.168.2.434.149.100.209
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                              Sep 6, 2024 01:22:08.856369019 CEST61788443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.859512091 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.861970901 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.863281012 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.866307974 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.870387077 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.873393059 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.873437881 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.874543905 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.877728939 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.882643938 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.885848999 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.888324022 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.889235973 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.893539906 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.897711992 CEST44359551162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.897722006 CEST44359551162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.897728920 CEST44359551162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.897803068 CEST44359551162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.898838043 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.899785042 CEST44359551162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.900516987 CEST44359551162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.900791883 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.900826931 CEST44359551162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904421091 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904433012 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904460907 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904472113 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904488087 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904567003 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904578924 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904587984 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904597044 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.904606104 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.925977945 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.925993919 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.926002026 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:08.945523024 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.945590019 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.945636988 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.945703983 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.945755959 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.945806026 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.945856094 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.951472998 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.953186035 CEST59551443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.953239918 CEST59551443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.953366041 CEST59551443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:08.957783937 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:08.984863043 CEST64023443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:22:09.047691107 CEST44359551162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.109383106 CEST44364023104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.113322020 CEST59551443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:09.247869015 CEST61788443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:09.247966051 CEST61788443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:09.344638109 CEST44361788162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.345637083 CEST44361788162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.345911026 CEST44361788162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:09.346930981 CEST61788443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:09.447263002 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:09.760198116 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:09.881479979 CEST5281153192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:10.375072956 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.580291986 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.580306053 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.580344915 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.703722000 CEST5825353192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:10.705034971 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.828583002 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.828597069 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.828608036 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.828859091 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.829252005 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.829453945 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.830780029 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.830899954 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.831319094 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.831336021 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.831496000 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.836505890 CEST53582531.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.839132071 CEST4984553192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:10.845909119 CEST53498451.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.865463972 CEST61788443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:10.865647078 CEST61788443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:10.928880930 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.928917885 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.929336071 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.929531097 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.930893898 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.930951118 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.931502104 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.943605900 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.945574999 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.958777905 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.959000111 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:10.962045908 CEST44361788162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.963330984 CEST44361788162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.963378906 CEST44361788162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:22:10.963572025 CEST61788443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:22:11.056766987 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.296349049 CEST6196953192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:11.300213099 CEST6195653192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:11.301662922 CEST6369953192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:11.303476095 CEST53619691.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:11.306857109 CEST53619561.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:18.060574055 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:18.060609102 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:18.158781052 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:18.203284979 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:18.253587961 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:18.376220942 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:21.000804901 CEST138138192.168.2.4192.168.2.255
                                                                                              Sep 6, 2024 01:22:36.611839056 CEST5218053192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:36.613204002 CEST5156853192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:36.618418932 CEST53521801.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.620161057 CEST53515681.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.622184038 CEST5579753192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:36.622790098 CEST5192353192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:36.629307032 CEST53519231.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.629403114 CEST53557971.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:36.629806042 CEST6517853192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:36.636254072 CEST53651781.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.018243074 CEST5615653192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:37.025244951 CEST53561561.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.026845932 CEST5005553192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:37.034545898 CEST53500551.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.035104990 CEST5950553192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:37.042727947 CEST53595051.1.1.1192.168.2.4
                                                                                              Sep 6, 2024 01:22:37.178236961 CEST5604753192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:22:39.021317959 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:39.138650894 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:39.138957977 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:39.262454987 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:39.652322054 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:39.766160965 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:22:39.766500950 CEST49737443192.168.2.4142.250.80.46
                                                                                              Sep 6, 2024 01:22:39.890136003 CEST44349737142.250.80.46192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.238363028 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.238522053 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.238707066 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.238806009 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.612986088 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.719129086 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.719142914 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.719152927 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.719162941 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.719172001 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.719700098 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.719777107 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.719849110 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.719918966 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.816586971 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.816927910 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.819549084 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:03.917642117 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.920191050 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.920391083 CEST44363977162.159.61.3192.168.2.4
                                                                                              Sep 6, 2024 01:23:03.920799971 CEST63977443192.168.2.4162.159.61.3
                                                                                              Sep 6, 2024 01:23:04.621478081 CEST49530443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:23:05.206049919 CEST49530443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:23:05.215476036 CEST44349530104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:23:05.215492010 CEST44349530104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:23:05.216234922 CEST49530443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:23:05.306881905 CEST44349530104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:23:05.307985067 CEST49530443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:23:05.310554028 CEST44349530104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:23:05.310626984 CEST44349530104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:23:05.310636044 CEST44349530104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:23:05.310894966 CEST49530443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:23:05.337441921 CEST49530443192.168.2.4104.126.116.43
                                                                                              Sep 6, 2024 01:23:05.402234077 CEST44349530104.126.116.43192.168.2.4
                                                                                              Sep 6, 2024 01:23:07.626228094 CEST4987153192.168.2.41.1.1.1
                                                                                              Sep 6, 2024 01:23:07.632791042 CEST53498711.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49789 | 34.107.221.82 | 80 | 7308 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 01:22:10.838480949 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
Sep 6, 2024 01:22:11.290759087 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                                              Age: 85021
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 01:22:21.310575962 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:22:31.321132898 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:22:37.079313040 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
Sep 6, 2024 01:22:37.175270081 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                                              Age: 85047
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49793 | 34.107.221.82 | 80 | 7308 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 01:22:11.320590973 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 6, 2024 01:22:11.771297932 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Wed, 04 Sep 2024 23:45:15 GMT
                                                                                              Age: 85016
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 6, 2024 01:22:21.771637917 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:22:31.786756992 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49805 | 34.107.221.82 | 80 | 7308 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 01:22:37.190490007 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 6, 2024 01:22:37.814986944 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 53832
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 6, 2024 01:22:37.854024887 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 53832
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 6, 2024 01:22:38.494496107 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 6, 2024 01:22:38.590116024 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 53833
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 6, 2024 01:22:38.616106987 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 6, 2024 01:22:38.711359024 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 53833
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 6, 2024 01:22:48.714433908 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:22:58.742750883 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:08.494369030 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 6, 2024 01:23:08.590286016 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 53863
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 6, 2024 01:23:18.596910000 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:28.616708040 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:38.628767967 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:48.638549089 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:58.646384954 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49806 | 34.107.221.82 | 80 | 7308 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 01:22:37.836184978 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
Sep 6, 2024 01:22:38.490511894 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 62124
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 01:22:38.510040045 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 62124
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 01:22:38.516674995 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
Sep 6, 2024 01:22:38.614156961 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 62124
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 01:22:48.629800081 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 01:22:58.642410040 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:08.334642887 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
Sep 6, 2024 01:23:08.431941986 CEST  298  IN  HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 62154
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 01:23:18.443139076 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:28.463016033 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:38.480846882 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:48.494509935 CEST  6  OUT  Data Raw: 00
Data Ascii:
Sep 6, 2024 01:23:58.499285936 CEST  6  OUT  Data Raw: 00
Data Ascii:


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
0  192.168.2.4  49742  142.250.184.193  443  7692  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-09-05 23:22:04 UTC  594  OUT  GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                                              Host: clients2.googleusercontent.com
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 23:22:04 UTC  573  IN  HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 135751
                                                                                              X-GUploader-UploadID: AD-8ljup6TbM7RFBvWc-kCA6OtI7NZOxTGFRr6nRdwjxXDCAgXFN40yyl5B0vtujwUOtH-PxPdv_mwDTvg
                                                                                              X-Goog-Hash: crc32c=IDdmTg==
                                                                                              Server: UploadServer
                                                                                              Date: Thu, 05 Sep 2024 19:15:10 GMT
                                                                                              Expires: Fri, 05 Sep 2025 19:15:10 GMT
                                                                                              Cache-Control: public, max-age=31536000
                                                                                              Age: 14814
                                                                                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                                              Content-Type: application/x-chrome-extension
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1  192.168.2.4  49756  162.159.61.3  443  7692  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-09-05 23:22:06 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
2024-09-05 23:22:06 UTC  247  IN  HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 23:22:06 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be9f5a0787b429b-EWR
                                                                                              alt-svc: h3=":443"; ma=86400


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
2  192.168.2.4  49760  162.159.61.3  443  7692  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-09-05 23:22:06 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
2024-09-05 23:22:06 UTC  247  IN  HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 23:22:06 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be9f5a05de1c481-EWR
                                                                                              alt-svc: h3=":443"; ma=86400


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
3  192.168.2.4  49755  162.159.61.3  443  7692  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp  Bytes transferred  Direction  Data
2024-09-05 23:22:06 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
2024-09-05 23:22:06 UTC  247  IN  HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 23:22:06 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be9f5a07fe218c0-EWR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              2024-09-05 23:22:06 UTC    468    IN    Data Ascii: wwwgstaticcom()


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              4    192.168.2.4    49763    152.195.19.97    443    7692    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 23:22:06 UTC    622    OUT    GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726183324&P2=404&P3=2&P4=aOYJzVg06kyne70fN%2bt0gmCefYUU5hs5f1%2fh7puyBeYhSQFN2G4Y0zlbUlzO09t%2bfRduTho5g2w%2fDDysTlp%2bwQ%3d%3d HTTP/1.1
                                                                                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                              Connection: keep-alive
                                                                                              MS-CV: eoRY9VQ+xJdpjE3zBEAWWp
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:07 UTC    632    IN    HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 5505057
                                                                                              Cache-Control: public, max-age=17280000
                                                                                              Content-Type: application/x-chrome-extension
                                                                                              Date: Thu, 05 Sep 2024 23:22:06 GMT
                                                                                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                              Server: ECAcc (nyd/D11E)
                                                                                              X-AspNet-Version: 4.0.30319
                                                                                              X-AspNetMvc-Version: 5.3
                                                                                              X-Cache: HIT
                                                                                              X-CCC: US
                                                                                              X-CID: 11
                                                                                              X-Powered-By: ASP.NET
                                                                                              X-Powered-By: ARR/3.0
                                                                                              X-Powered-By: ASP.NET
                                                                                              Content-Length: 11185
                                                                                              Connection: close


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              5    192.168.2.4    49761    13.107.246.51    443    7692    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 23:22:06 UTC    711    OUT    GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                                              Sec-Mesh-Client-Edge-Channel: stable
                                                                                              Sec-Mesh-Client-OS: Windows
                                                                                              Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                                              Sec-Mesh-Client-Arch: x86_64
                                                                                              Sec-Mesh-Client-WebView: 0
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:07 UTC    583    IN    HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:06 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 70207
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip
                                                                                              Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                                              ETag: 0x8DCB31E67C22927
                                                                                              x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232206Z-16579567576pg4fvvmc18u0v4g0000000d0000000000vr36
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              6    192.168.2.4    49762    13.107.246.51    443    7692    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 23:22:06 UTC    486    OUT    GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: ArbitrationService
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:07 UTC    552    IN    HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:06 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 11989
                                                                                              Connection: close
                                                                                              Last-Modified: Wed, 04 Sep 2024 17:17:44 GMT
                                                                                              ETag: 0x8DCCD057D8088C1
                                                                                              x-ms-request-id: f7ce689d-701e-002c-4072-ffea3a000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232206Z-16579567576xfl5xzh7yws029s0000000d30000000006q3d
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes
                                                                                              2024-09-05 23:22:07 UTC    11989    IN    Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                              7    192.168.2.4    49770    13.107.246.40    443    7692    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                              2024-09-05 23:22:08 UTC    470    OUT    GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: Shoreline
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:08 UTC    556    IN    HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:08 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 306698
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip
                                                                                              Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                              ETag: 0x8DBC9B5C40EBFF4
                                                                                              x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232208Z-165795675767hwjqv3v00bvq340000000d1000000000rb78
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes
                                                                                              Data Ascii: .Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>JcEP}u"]hP\#6
                                                                                              2024-09-05 23:22:08 UTC16384INData Raw: 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 c6 95 ea 57 bd 73 50 18 1d 54 fb 07 d5 da 41 bd 99 aa 6f 53 85
                                                                                              Data Ascii: \m}v0d'R}g]]OZ&z+gK[|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{OWsPTAoS
                                                                                              2024-09-05 23:22:08 UTC16384INData Raw: 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 65 5d 3f 2f 1b ab ff 79 9a 2b b3 79 5d 62 4f 7c d5 ff 34 22 f6
                                                                                              Data Ascii: Jj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vHN@e]?/y+y]bO|4"
                                                                                              2024-09-05 23:22:08 UTC16384INData Raw: 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 cb e9 d4 75 42 52 43 29 e8 e5 94 bf 82 e4 a6 c8 40 37 67 5f 41
                                                                                              Data Ascii: dqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>uBRC)@7g_A


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              8 | 192.168.2.4 | 49776 | 142.250.80.46 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:09 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Host: play.google.com
                                                                                              Connection: keep-alive
                                                                                              Accept: */*
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: x-goog-authuser
                                                                                              Origin: https://accounts.google.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Sec-Fetch-Mode: cors
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Dest: empty
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:09 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                              Access-Control-Max-Age: 86400
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Date: Thu, 05 Sep 2024 23:22:09 GMT
                                                                                              Server: Playlog
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              9 | 192.168.2.4 | 49777 | 142.250.80.46 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:09 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Host: play.google.com
                                                                                              Connection: keep-alive
                                                                                              Accept: */*
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: x-goog-authuser
                                                                                              Origin: https://accounts.google.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Sec-Fetch-Mode: cors
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Dest: empty
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:09 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                              Access-Control-Max-Age: 86400
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Date: Thu, 05 Sep 2024 23:22:09 GMT
                                                                                              Server: Playlog
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              10 | 192.168.2.4 | 49780 | 13.107.246.40 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:10 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:10 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1966
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                                              ETag: 0x8DBDCB5EC122A94
                                                                                              x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232210Z-165795675766wv96mecap1swx40000000d70000000002t5m
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              11 | 192.168.2.4 | 49779 | 13.107.246.40 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:10 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:10 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1427
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                                              ETag: 0x8DBDCB5EF021F8E
                                                                                              x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232210Z-165795675767jvm9z21nmtw4wn0000000cx0000000007egc
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              12 | 192.168.2.4 | 49783 | 13.107.246.40 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:10 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:10 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1751
                                                                                              Connection: close
                                                                                              Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                                              ETag: 0x8DBCEA8D5AACC85
                                                                                              x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232210Z-16579567576l4p9bs8an1npq1n0000000cwg0000000062fz
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              13 | 192.168.2.4 | 49781 | 13.107.246.40 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:10 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:10 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 2008
                                                                                              Connection: close
                                                                                              Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                                              ETag: 0x8DBC9B5C0C17219
                                                                                              x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232210Z-16579567576pg4fvvmc18u0v4g0000000d0000000000vr98
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              14 | 192.168.2.4 | 49784 | 13.107.246.40 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:10 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:10 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 2229
                                                                                              Connection: close
                                                                                              Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                                              ETag: 0x8DBD59359A9E77B
                                                                                              x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232210Z-16579567576p25xcxh3nycmsaw0000000cu0000000004d3r
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              15 | 192.168.2.4 | 49786 | 142.251.40.132 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:10 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                                                                              Host: www.google.com
                                                                                              Connection: keep-alive
                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                              sec-ch-ua-mobile: ?0
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              sec-ch-ua-arch: "x86"
                                                                                              sec-ch-ua-full-version: "117.0.2045.47"
                                                                                              sec-ch-ua-platform-version: "10.0.0"
                                                                                              sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                                                              sec-ch-ua-bitness: "64"
                                                                                              sec-ch-ua-model: ""
                                                                                              sec-ch-ua-wow64: ?0
                                                                                              sec-ch-ua-platform: "Windows"
                                                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: image
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:10 UTC | 705 | IN | HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                              Content-Length: 5430
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Server: sffe
                                                                                              X-XSS-Protection: 0
                                                                                              Date: Thu, 05 Sep 2024 22:48:01 GMT
                                                                                              Expires: Fri, 13 Sep 2024 22:48:01 GMT
                                                                                              Cache-Control: public, max-age=691200
                                                                                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                              Content-Type: image/x-icon
                                                                                              Vary: Accept-Encoding
                                                                                              Age: 2049
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              16 | 192.168.2.4 | 49785 | 184.28.90.27 | 443 | |
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:10 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              Accept-Encoding: identity
                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                              Host: fs.microsoft.com
                                                                                              2024-09-05 23:22:11 UTC | 466 | IN | HTTP/1.1 200 OK
                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                              Content-Type: application/octet-stream
                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                              Server: ECAcc (lpl/EF67)
                                                                                              X-CID: 11
                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                              X-Ms-Region: prod-weu-z1
                                                                                              Cache-Control: public, max-age=62610
                                                                                              Date: Thu, 05 Sep 2024 23:22:10 GMT
                                                                                              Connection: close
                                                                                              X-CID: 2


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              17 | 192.168.2.4 | 49782 | 13.107.246.40 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:10 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:10 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:10 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1154
                                                                                              Connection: close
                                                                                              Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                                              ETag: 0x8DBD5935D5B3965
                                                                                              x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232210Z-16579567576w5bqfyu10zdac7g0000000cwg000000006ugq
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              18 | 192.168.2.4 | 49791 | 142.250.176.202 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:11 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                                                              Host: www.googleapis.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 119
                                                                                              Content-Type: application/json
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:11 UTC | 119 | OUT | Data Ascii: {"hash":"0ybJu2xy/HFnxQVnlglnc7OrBMsKf7HF6U4ayj/qDfA=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                                                              2024-09-05 23:22:11 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                              Vary: Origin
                                                                                              Vary: X-Origin
                                                                                              Vary: Referer
                                                                                              Date: Thu, 05 Sep 2024 23:22:11 GMT
                                                                                              Server: ESF
                                                                                              Content-Length: 483
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              19 | 192.168.2.4 | 49790 | 13.107.246.40 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:11 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:22:11 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 23:22:11 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1468
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                                              ETag: 0x8DBDCB5E23DFC43
                                                                                              x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T232211Z-165795675762h26c6ze2t4q7600000000d1g00000000r4uf
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes
                                                                                              2024-09-05 23:22:11 UTC | 1468 | IN


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              20 | 192.168.2.4 | 49792 | 184.28.90.27 | 443 | |
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:11 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              Accept-Encoding: identity
                                                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                              Range: bytes=0-2147483646
                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                              Host: fs.microsoft.com
                                                                                              2024-09-05 23:22:11 UTC | 514 | IN | HTTP/1.1 200 OK
                                                                                              ApiVersion: Distribute 1.1
                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                              Content-Type: application/octet-stream
                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                              Server: ECAcc (lpl/EF06)
                                                                                              X-CID: 11
                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                              X-Ms-Region: prod-weu-z1
                                                                                              Cache-Control: public, max-age=62663
                                                                                              Date: Thu, 05 Sep 2024 23:22:11 GMT
                                                                                              Content-Length: 55
                                                                                              Connection: close
                                                                                              X-CID: 2
                                                                                              2024-09-05 23:22:11 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              21 | 192.168.2.4 | 49794 | 13.85.23.86 | 443 | |
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:17 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3Omy4zHVUDea5BE&MD=LkL2t7UB HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                              Host: slscr.update.microsoft.com
                                                                                              2024-09-05 23:22:17 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/octet-stream
                                                                                              Expires: -1
                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                              MS-CorrelationId: 0b762c15-f40b-456f-a1a1-d524c8ba3e0e
                                                                                              MS-RequestId: 33865263-8052-4c13-be90-1f0fd4dcd3a3
                                                                                              MS-CV: IGaHKb8PEUSC+3V3.0
                                                                                              X-Microsoft-SLSClientCache: 2880
                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Date: Thu, 05 Sep 2024 23:22:16 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 24490
                                                                                              2024-09-05 23:22:17 UTC | 15824 | IN
                                                                                              2024-09-05 23:22:17 UTC | 8666 | IN


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              22 | 192.168.2.4 | 49811 | 13.85.23.86 | 443 | |
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:22:55 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3Omy4zHVUDea5BE&MD=LkL2t7UB HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                              Host: slscr.update.microsoft.com
                                                                                              2024-09-05 23:22:55 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/octet-stream
                                                                                              Expires: -1
                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                              MS-CorrelationId: 3c3f99ae-01bc-4069-a5fe-02ceebd5f775
                                                                                              MS-RequestId: 08eff988-37fe-4586-834f-5845a8cb0322
                                                                                              MS-CV: +eY0rlZ4vkSnRGEa.0
                                                                                              X-Microsoft-SLSClientCache: 1440
                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Date: Thu, 05 Sep 2024 23:22:54 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 30005
                                                                                              2024-09-05 23:22:55 UTC | 15824 | IN
                                                                                              2024-09-05 23:22:55 UTC | 14181 | IN


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              23 | 192.168.2.4 | 49813 | 23.200.0.42 | 443 | 7692 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 23:23:04 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                                              Host: bzib.nelreports.net
                                                                                              Connection: keep-alive
                                                                                              Origin: https://business.bing.com
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: content-type
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 23:23:04 UTC | 331 | IN | HTTP/1.1 429 Too Many Requests
                                                                                              Content-Length: 0
                                                                                              Date: Thu, 05 Sep 2024 23:23:04 GMT
                                                                                              Connection: close
                                                                                              PMUSER_FORMAT_QS:
                                                                                              X-CDN-TraceId: 0.2aac2d17.1725578584.5fec6b0
                                                                                              Access-Control-Allow-Credentials: false
                                                                                              Access-Control-Allow-Methods: *
                                                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                              Access-Control-Allow-Origin: *



                                                                                              Target ID:0
                                                                                              Start time:19:21:56
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                              Imagebase:0x370000
                                                                                              File size:917'504 bytes
                                                                                              MD5 hash:33C800AE059656E1C13D9BBBF80C9865
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:1
                                                                                              Start time:19:21:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:2
                                                                                              Start time:19:21:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:4
                                                                                              Start time:19:21:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:5
                                                                                              Start time:19:21:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1992,i,12574565550007719994,15380727788805795962,262144 /prefetch:3
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:6
                                                                                              Start time:19:21:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:7
                                                                                              Start time:19:21:57
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:8
                                                                                              Start time:19:21:59
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2460 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:3
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:9
                                                                                              Start time:19:22:02
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2340 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1277e188-7dee-4079-b382-4169d11bcab3} 7308 "\\.\pipe\gecko-crash-server-pipe.7308" 1da02870510 socket
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:11
                                                                                              Start time:19:22:02
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6428 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:12
                                                                                              Start time:19:22:02
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6656 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:14
                                                                                              Start time:19:22:03
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6932 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
                                                                                              Imagebase:0x7ff61dcb0000
                                                                                              File size:1'255'976 bytes
                                                                                              MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:15
                                                                                              Start time:19:22:03
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6932 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
                                                                                              Imagebase:0x7ff61dcb0000
                                                                                              File size:1'255'976 bytes
                                                                                              MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:16
                                                                                              Start time:19:22:05
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3916 -parentBuildID 20230927232528 -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e839537a-5e7e-4d2d-9112-3fc62bbeb606} 7308 "\\.\pipe\gecko-crash-server-pipe.7308" 1da02843a10 rdd
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:false

                                                                                              Target ID:18
                                                                                              Start time:19:22:16
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:19
                                                                                              Start time:19:22:17
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2036,i,17134127534699743552,13203090147020171696,262144 /prefetch:3
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:22
                                                                                              Start time:19:22:24
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:23
                                                                                              Start time:19:22:24
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1996,i,5599362805012294974,11427720567035323471,262144 /prefetch:3
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:24
                                                                                              Start time:19:22:58
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7208 --field-trial-handle=2400,i,3737716652015517582,14779103909075508423,262144 /prefetch:8
                                                                                              Imagebase:0x7ff67dcd0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:false


                                                                                                Execution Graph

                                                                                                Execution Coverage:1.9%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:7.5%
                                                                                                Total number of Nodes:1408
                                                                                                Total number of Limit Nodes:37
94402->94403 94404 3b4ba1 94402->94404 94407 376ba2 94403->94407 94408 376b7d 94403->94408 94427 3793b2 94404->94427 94406 3b4baa 94406->94406 94410 38fddb 22 API calls 94407->94410 94426 376f34 22 API calls 94408->94426 94412 376bae 94410->94412 94411 376b85 __fread_nolock 94411->94261 94413 38fe0b 22 API calls 94412->94413 94413->94411 94415 37516e 94414->94415 94419 37518f __fread_nolock 94414->94419 94418 38fe0b 22 API calls 94415->94418 94416 38fddb 22 API calls 94417 3751a2 94416->94417 94417->94264 94418->94419 94419->94416 94421 37aedc 94420->94421 94422 37aed9 __fread_nolock 94420->94422 94423 38fddb 22 API calls 94421->94423 94422->94401 94424 37aee7 94423->94424 94425 38fe0b 22 API calls 94424->94425 94425->94422 94426->94411 94428 3793c0 94427->94428 94430 3793c9 __fread_nolock 94427->94430 94429 37aec9 22 API calls 94428->94429 94428->94430 94429->94430 94430->94406 94432 373a67 GetModuleFileNameW 94431->94432 94432->94275 94434 3b1f50 __wsopen_s 94433->94434 94435 373aaf GetFullPathNameW 94434->94435 94436 373ace 94435->94436 94437 373ae9 94435->94437 94438 376b57 22 API calls 94436->94438 94447 37a6c3 94437->94447 94440 373ada 94438->94440 94443 3737a0 94440->94443 94444 3737ae 94443->94444 94445 3793b2 22 API calls 94444->94445 94446 3737c2 94445->94446 94446->94278 94448 37a6d0 94447->94448 94449 37a6dd 94447->94449 94448->94440 94450 38fddb 22 API calls 94449->94450 94451 37a6e7 94450->94451 94452 38fe0b 22 API calls 94451->94452 94452->94448 94454 374ec6 94453->94454 94455 374ea8 GetProcAddress 94453->94455 94458 39e5eb 94454->94458 94456 374eb8 94455->94456 94456->94454 94457 374ebf FreeLibrary 94456->94457 94457->94454 94491 39e52a 94458->94491 94460 374eea 94460->94290 94460->94291 94462 374e6e GetProcAddress 94461->94462 94463 374e8d 94461->94463 94464 374e7e 94462->94464 94466 374f80 94463->94466 94464->94463 94465 374e86 FreeLibrary 94464->94465 94465->94463 94467 38fe0b 22 API calls 94466->94467 94468 374f95 94467->94468 94559 375722 
94468->94559 94470 374fa1 __fread_nolock 94471 3750a5 94470->94471 94472 3b3d1d 94470->94472 94476 374fdc 94470->94476 94562 3742a2 CreateStreamOnHGlobal 94471->94562 94573 3e304d 74 API calls 94472->94573 94475 3b3d22 94478 37511f 64 API calls 94475->94478 94476->94475 94477 3750f5 40 API calls 94476->94477 94482 37506e ISource 94476->94482 94568 37511f 94476->94568 94477->94476 94479 3b3d45 94478->94479 94480 3750f5 40 API calls 94479->94480 94480->94482 94482->94298 94484 375107 94483->94484 94485 3b3d70 94483->94485 94595 39e8c4 94484->94595 94488 3e28fe 94616 3e274e 94488->94616 94490 3e2919 94490->94306 94493 39e536 __FrameHandler3::FrameUnwindToState 94491->94493 94492 39e544 94516 39f2d9 20 API calls __dosmaperr 94492->94516 94493->94492 94495 39e574 94493->94495 94498 39e579 94495->94498 94499 39e586 94495->94499 94496 39e549 94517 3a27ec 26 API calls pre_c_initialization 94496->94517 94518 39f2d9 20 API calls __dosmaperr 94498->94518 94508 3a8061 94499->94508 94502 39e58f 94504 39e5a2 94502->94504 94505 39e595 94502->94505 94503 39e554 __wsopen_s 94503->94460 94520 39e5d4 LeaveCriticalSection __fread_nolock 94504->94520 94519 39f2d9 20 API calls __dosmaperr 94505->94519 94509 3a806d __FrameHandler3::FrameUnwindToState 94508->94509 94521 3a2f5e EnterCriticalSection 94509->94521 94511 3a807b 94522 3a80fb 94511->94522 94515 3a80ac __wsopen_s 94515->94502 94516->94496 94517->94503 94518->94503 94519->94503 94520->94503 94521->94511 94523 3a811e 94522->94523 94524 3a8177 94523->94524 94531 3a8088 94523->94531 94538 39918d EnterCriticalSection 94523->94538 94539 3991a1 LeaveCriticalSection 94523->94539 94540 3a4c7d 94524->94540 94529 3a8189 94529->94531 94553 3a3405 11 API calls 2 library calls 94529->94553 94535 3a80b7 94531->94535 94532 3a81a8 94554 39918d EnterCriticalSection 94532->94554 94558 3a2fa6 LeaveCriticalSection 94535->94558 94537 3a80be 94537->94515 94538->94523 94539->94523 94545 3a4c8a __dosmaperr 94540->94545 94541 3a4cca 94556 39f2d9 20 API 
calls __dosmaperr 94541->94556 94542 3a4cb5 RtlAllocateHeap 94543 3a4cc8 94542->94543 94542->94545 94547 3a29c8 94543->94547 94545->94541 94545->94542 94555 394ead 7 API calls 2 library calls 94545->94555 94548 3a29d3 RtlFreeHeap 94547->94548 94549 3a29fc __dosmaperr 94547->94549 94548->94549 94550 3a29e8 94548->94550 94549->94529 94557 39f2d9 20 API calls __dosmaperr 94550->94557 94552 3a29ee GetLastError 94552->94549 94553->94532 94554->94531 94555->94545 94556->94543 94557->94552 94558->94537 94560 38fddb 22 API calls 94559->94560 94561 375734 94560->94561 94561->94470 94563 3742bc FindResourceExW 94562->94563 94567 3742d9 94562->94567 94564 3b35ba LoadResource 94563->94564 94563->94567 94565 3b35cf SizeofResource 94564->94565 94564->94567 94566 3b35e3 LockResource 94565->94566 94565->94567 94566->94567 94567->94476 94569 37512e 94568->94569 94570 3b3d90 94568->94570 94574 39ece3 94569->94574 94573->94475 94577 39eaaa 94574->94577 94576 37513c 94576->94476 94578 39eab6 __FrameHandler3::FrameUnwindToState 94577->94578 94579 39eac2 94578->94579 94581 39eae8 94578->94581 94590 39f2d9 20 API calls __dosmaperr 94579->94590 94592 39918d EnterCriticalSection 94581->94592 94582 39eac7 94591 3a27ec 26 API calls pre_c_initialization 94582->94591 94584 39eaf4 94593 39ec0a 62 API calls 2 library calls 94584->94593 94587 39eb08 94594 39eb27 LeaveCriticalSection __fread_nolock 94587->94594 94589 39ead2 __wsopen_s 94589->94576 94590->94582 94591->94589 94592->94584 94593->94587 94594->94589 94598 39e8e1 94595->94598 94597 375118 94597->94488 94599 39e8ed __FrameHandler3::FrameUnwindToState 94598->94599 94600 39e92d 94599->94600 94601 39e900 ___scrt_fastfail 94599->94601 94602 39e925 __wsopen_s 94599->94602 94613 39918d EnterCriticalSection 94600->94613 94611 39f2d9 20 API calls __dosmaperr 94601->94611 94602->94597 94605 39e937 94614 39e6f8 38 API calls 4 library calls 94605->94614 94607 39e91a 94612 3a27ec 26 API calls pre_c_initialization 94607->94612 94608 39e94e 94615 
39e96c LeaveCriticalSection __fread_nolock 94608->94615 94611->94607 94612->94602 94613->94605 94614->94608 94615->94602 94619 39e4e8 94616->94619 94618 3e275d 94618->94490 94622 39e469 94619->94622 94621 39e505 94621->94618 94623 39e478 94622->94623 94624 39e48c 94622->94624 94630 39f2d9 20 API calls __dosmaperr 94623->94630 94629 39e488 __alldvrm 94624->94629 94632 3a333f 11 API calls 2 library calls 94624->94632 94626 39e47d 94631 3a27ec 26 API calls pre_c_initialization 94626->94631 94629->94621 94630->94626 94631->94629 94632->94629 94634 3e2e7a 94633->94634 94635 3750f5 40 API calls 94634->94635 94636 3e28fe 27 API calls 94634->94636 94637 3e2d3b 94634->94637 94638 37511f 64 API calls 94634->94638 94635->94634 94636->94634 94637->94331 94637->94332 94638->94634 94639->94332 94641 39e684 __FrameHandler3::FrameUnwindToState 94640->94641 94642 39e6aa 94641->94642 94643 39e695 94641->94643 94652 39e6a5 __wsopen_s 94642->94652 94653 39918d EnterCriticalSection 94642->94653 94670 39f2d9 20 API calls __dosmaperr 94643->94670 94645 39e69a 94671 3a27ec 26 API calls pre_c_initialization 94645->94671 94648 39e6c6 94654 39e602 94648->94654 94650 39e6d1 94672 39e6ee LeaveCriticalSection __fread_nolock 94650->94672 94652->94353 94653->94648 94655 39e60f 94654->94655 94656 39e624 94654->94656 94705 39f2d9 20 API calls __dosmaperr 94655->94705 94662 39e61f 94656->94662 94673 39dc0b 94656->94673 94658 39e614 94706 3a27ec 26 API calls pre_c_initialization 94658->94706 94662->94650 94666 39e646 94690 3a862f 94666->94690 94669 3a29c8 _free 20 API calls 94669->94662 94670->94645 94671->94652 94672->94652 94674 39dc23 94673->94674 94676 39dc1f 94673->94676 94675 39d955 __fread_nolock 26 API calls 94674->94675 94674->94676 94677 39dc43 94675->94677 94679 3a4d7a 94676->94679 94707 3a59be 62 API calls 4 library calls 94677->94707 94680 3a4d90 94679->94680 94681 39e640 94679->94681 94680->94681 94682 3a29c8 _free 20 API calls 94680->94682 94683 39d955 94681->94683 94682->94681 94684 
39d961 94683->94684 94685 39d976 94683->94685 94708 39f2d9 20 API calls __dosmaperr 94684->94708 94685->94666 94687 39d966 94709 3a27ec 26 API calls pre_c_initialization 94687->94709 94689 39d971 94689->94666 94691 3a863e 94690->94691 94692 3a8653 94690->94692 94713 39f2c6 20 API calls __dosmaperr 94691->94713 94694 3a868e 94692->94694 94699 3a867a 94692->94699 94715 39f2c6 20 API calls __dosmaperr 94694->94715 94696 3a8643 94714 39f2d9 20 API calls __dosmaperr 94696->94714 94697 3a8693 94716 39f2d9 20 API calls __dosmaperr 94697->94716 94710 3a8607 94699->94710 94702 39e64c 94702->94662 94702->94669 94703 3a869b 94717 3a27ec 26 API calls pre_c_initialization 94703->94717 94705->94658 94706->94662 94707->94676 94708->94687 94709->94689 94718 3a8585 94710->94718 94712 3a862b 94712->94702 94713->94696 94714->94702 94715->94697 94716->94703 94717->94702 94719 3a8591 __FrameHandler3::FrameUnwindToState 94718->94719 94729 3a5147 EnterCriticalSection 94719->94729 94721 3a859f 94722 3a85d1 94721->94722 94723 3a85c6 94721->94723 94745 39f2d9 20 API calls __dosmaperr 94722->94745 94730 3a86ae 94723->94730 94726 3a85cc 94746 3a85fb LeaveCriticalSection __wsopen_s 94726->94746 94728 3a85ee __wsopen_s 94728->94712 94729->94721 94747 3a53c4 94730->94747 94732 3a86c4 94760 3a5333 21 API calls 2 library calls 94732->94760 94734 3a86be 94734->94732 94735 3a86f6 94734->94735 94738 3a53c4 __wsopen_s 26 API calls 94734->94738 94735->94732 94736 3a53c4 __wsopen_s 26 API calls 94735->94736 94739 3a8702 FindCloseChangeNotification 94736->94739 94737 3a871c 94740 3a873e 94737->94740 94761 39f2a3 20 API calls __dosmaperr 94737->94761 94741 3a86ed 94738->94741 94739->94732 94743 3a870e GetLastError 94739->94743 94740->94726 94742 3a53c4 __wsopen_s 26 API calls 94741->94742 94742->94735 94743->94732 94745->94726 94746->94728 94748 3a53d1 94747->94748 94751 3a53e6 94747->94751 94762 39f2c6 20 API calls __dosmaperr 94748->94762 94750 3a53d6 94763 39f2d9 20 API calls __dosmaperr 94750->94763 
94754 3a540b 94751->94754 94764 39f2c6 20 API calls __dosmaperr 94751->94764 94754->94734 94755 3a5416 94765 39f2d9 20 API calls __dosmaperr 94755->94765 94757 3a53de 94757->94734 94758 3a541e 94766 3a27ec 26 API calls pre_c_initialization 94758->94766 94760->94737 94761->94740 94762->94750 94763->94757 94764->94755 94765->94758 94766->94757 94767 373156 94770 373170 94767->94770 94771 373187 94770->94771 94772 37318c 94771->94772 94773 3731eb 94771->94773 94809 3731e9 94771->94809 94774 373265 PostQuitMessage 94772->94774 94775 373199 94772->94775 94777 3b2dfb 94773->94777 94778 3731f1 94773->94778 94812 37316a 94774->94812 94780 3731a4 94775->94780 94781 3b2e7c 94775->94781 94776 3731d0 DefWindowProcW 94776->94812 94822 3718e2 10 API calls 94777->94822 94782 37321d SetTimer RegisterWindowMessageW 94778->94782 94783 3731f8 94778->94783 94785 3b2e68 94780->94785 94786 3731ae 94780->94786 94836 3dbf30 34 API calls ___scrt_fastfail 94781->94836 94787 373246 CreatePopupMenu 94782->94787 94782->94812 94789 373201 KillTimer 94783->94789 94790 3b2d9c 94783->94790 94784 3b2e1c 94823 38e499 42 API calls 94784->94823 94835 3dc161 27 API calls ___scrt_fastfail 94785->94835 94793 3b2e4d 94786->94793 94794 3731b9 94786->94794 94787->94812 94815 3730f2 94789->94815 94796 3b2da1 94790->94796 94797 3b2dd7 MoveWindow 94790->94797 94793->94776 94834 3d0ad7 22 API calls 94793->94834 94801 3731c4 94794->94801 94802 373253 94794->94802 94795 3b2e8e 94795->94776 94795->94812 94803 3b2da7 94796->94803 94804 3b2dc6 SetFocus 94796->94804 94797->94812 94800 373263 94800->94812 94801->94776 94811 3730f2 Shell_NotifyIconW 94801->94811 94820 37326f 44 API calls ___scrt_fastfail 94802->94820 94803->94801 94807 3b2db0 94803->94807 94804->94812 94821 3718e2 10 API calls 94807->94821 94809->94776 94813 3b2e41 94811->94813 94824 373837 94813->94824 94816 373154 94815->94816 94817 373104 ___scrt_fastfail 94815->94817 94819 373c50 DeleteObject DestroyWindow 94816->94819 94818 373123 
Shell_NotifyIconW 94817->94818 94818->94816 94819->94812 94820->94800 94821->94812 94822->94784 94823->94801 94825 373862 ___scrt_fastfail 94824->94825 94837 374212 94825->94837 94828 3738e8 94830 373906 Shell_NotifyIconW 94828->94830 94831 3b3386 Shell_NotifyIconW 94828->94831 94841 373923 94830->94841 94833 37391c 94833->94809 94834->94809 94835->94800 94836->94795 94838 3738b7 94837->94838 94839 3b35a4 94837->94839 94838->94828 94863 3dc874 42 API calls _strftime 94838->94863 94839->94838 94840 3b35ad DestroyIcon 94839->94840 94840->94838 94842 37393f 94841->94842 94861 373a13 94841->94861 94864 376270 94842->94864 94845 3b3393 LoadStringW 94848 3b33ad 94845->94848 94846 37395a 94847 376b57 22 API calls 94846->94847 94849 37396f 94847->94849 94856 373994 ___scrt_fastfail 94848->94856 94870 37a8c7 22 API calls __fread_nolock 94848->94870 94850 3b33c9 94849->94850 94851 37397c 94849->94851 94871 376350 22 API calls 94850->94871 94851->94848 94853 373986 94851->94853 94869 376350 22 API calls 94853->94869 94858 3739f9 Shell_NotifyIconW 94856->94858 94857 3b33d7 94857->94856 94872 3733c6 94857->94872 94858->94861 94860 3b33f9 94862 3733c6 22 API calls 94860->94862 94861->94833 94862->94856 94863->94828 94865 38fe0b 22 API calls 94864->94865 94866 376295 94865->94866 94867 38fddb 22 API calls 94866->94867 94868 37394d 94867->94868 94868->94845 94868->94846 94869->94856 94870->94856 94871->94857 94873 3b30bb 94872->94873 94874 3733dd 94872->94874 94876 38fddb 22 API calls 94873->94876 94881 3733ee 94874->94881 94878 3b30c5 _wcslen 94876->94878 94877 3733e8 94877->94860 94879 38fe0b 22 API calls 94878->94879 94880 3b30fe __fread_nolock 94879->94880 94882 3733fe _wcslen 94881->94882 94883 3b311d 94882->94883 94884 373411 94882->94884 94886 38fddb 22 API calls 94883->94886 94891 37a587 94884->94891 94888 3b3127 94886->94888 94887 37341e __fread_nolock 94887->94877 94889 38fe0b 22 API calls 94888->94889 94890 3b3157 __fread_nolock 94889->94890 94892 37a59d 94891->94892 
94895 37a598 __fread_nolock 94891->94895 94893 38fe0b 22 API calls 94892->94893 94894 3bf80f 94892->94894 94893->94895 94894->94894 94895->94887 94896 3903fb 94897 390407 __FrameHandler3::FrameUnwindToState 94896->94897 94925 38feb1 94897->94925 94899 39040e 94900 390561 94899->94900 94903 390438 94899->94903 94955 39083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 94900->94955 94902 390568 94948 394e52 94902->94948 94914 390477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 94903->94914 94936 3a247d 94903->94936 94910 390457 94912 3904d8 94944 390959 94912->94944 94914->94912 94951 394e1a 38 API calls 2 library calls 94914->94951 94916 3904de 94917 3904f3 94916->94917 94952 390992 GetModuleHandleW 94917->94952 94919 3904fa 94919->94902 94920 3904fe 94919->94920 94921 390507 94920->94921 94953 394df5 28 API calls _abort 94920->94953 94954 390040 13 API calls 2 library calls 94921->94954 94924 39050f 94924->94910 94926 38feba 94925->94926 94957 390698 IsProcessorFeaturePresent 94926->94957 94928 38fec6 94958 392c94 10 API calls 3 library calls 94928->94958 94930 38fecb 94931 38fecf 94930->94931 94959 3a2317 94930->94959 94931->94899 94934 38fee6 94934->94899 94939 3a2494 94936->94939 94937 390a8c CatchGuardHandler 5 API calls 94938 390451 94937->94938 94938->94910 94940 3a2421 94938->94940 94939->94937 94941 3a2450 94940->94941 94942 390a8c CatchGuardHandler 5 API calls 94941->94942 94943 3a2479 94942->94943 94943->94914 95018 392340 94944->95018 94946 39096c GetStartupInfoW 94947 39097f 94946->94947 94947->94916 95020 394bcf 94948->95020 94951->94912 94952->94919 94953->94921 94954->94924 94955->94902 94957->94928 94958->94930 94963 3ad1f6 94959->94963 94962 392cbd 8 API calls 3 library calls 94962->94931 94966 3ad213 94963->94966 94967 3ad20f 94963->94967 94965 38fed8 94965->94934 94965->94962 94966->94967 94969 3a4bfb 94966->94969 94981 390a8c 94967->94981 94970 3a4c07 
__FrameHandler3::FrameUnwindToState 94969->94970 94988 3a2f5e EnterCriticalSection 94970->94988 94972 3a4c0e 94989 3a50af 94972->94989 94974 3a4c1d 94980 3a4c2c 94974->94980 95002 3a4a8f 29 API calls 94974->95002 94977 3a4c27 95003 3a4b45 GetStdHandle GetFileType 94977->95003 94979 3a4c3d __wsopen_s 94979->94966 95004 3a4c48 LeaveCriticalSection _abort 94980->95004 94982 390a95 94981->94982 94983 390a97 IsProcessorFeaturePresent 94981->94983 94982->94965 94985 390c5d 94983->94985 95017 390c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 94985->95017 94987 390d40 94987->94965 94988->94972 94990 3a50bb __FrameHandler3::FrameUnwindToState 94989->94990 94991 3a50c8 94990->94991 94992 3a50df 94990->94992 95013 39f2d9 20 API calls __dosmaperr 94991->95013 95005 3a2f5e EnterCriticalSection 94992->95005 94995 3a50cd 95014 3a27ec 26 API calls pre_c_initialization 94995->95014 94997 3a50d7 __wsopen_s 94997->94974 94998 3a5117 95015 3a513e LeaveCriticalSection _abort 94998->95015 94999 3a50eb 94999->94998 95006 3a5000 94999->95006 95002->94977 95003->94980 95004->94979 95005->94999 95007 3a4c7d __dosmaperr 20 API calls 95006->95007 95008 3a5012 95007->95008 95012 3a501f 95008->95012 95016 3a3405 11 API calls 2 library calls 95008->95016 95009 3a29c8 _free 20 API calls 95011 3a5071 95009->95011 95011->94999 95012->95009 95013->94995 95014->94997 95015->94997 95016->95008 95017->94987 95019 392357 95018->95019 95019->94946 95019->95019 95021 394bdb _abort 95020->95021 95022 394be2 95021->95022 95023 394bf4 95021->95023 95059 394d29 GetModuleHandleW 95022->95059 95044 3a2f5e EnterCriticalSection 95023->95044 95026 394be7 95026->95023 95060 394d6d GetModuleHandleExW 95026->95060 95027 394c99 95048 394cd9 95027->95048 95030 394bfb 95030->95027 95032 394c70 95030->95032 95045 3a21a8 95030->95045 95036 394c88 95032->95036 95041 3a2421 _abort 5 API calls 95032->95041 95034 394ce2 95068 3b1d29 5 API calls CatchGuardHandler 95034->95068 95035 
394cb6 95051 394ce8 95035->95051 95037 3a2421 _abort 5 API calls 95036->95037 95037->95027 95041->95036 95044->95030 95069 3a1ee1 95045->95069 95088 3a2fa6 LeaveCriticalSection 95048->95088 95050 394cb2 95050->95034 95050->95035 95089 3a360c 95051->95089 95054 394d16 95057 394d6d _abort 8 API calls 95054->95057 95055 394cf6 GetPEB 95055->95054 95056 394d06 GetCurrentProcess TerminateProcess 95055->95056 95056->95054 95058 394d1e ExitProcess 95057->95058 95059->95026 95061 394dba 95060->95061 95062 394d97 GetProcAddress 95060->95062 95064 394dc9 95061->95064 95065 394dc0 FreeLibrary 95061->95065 95063 394dac 95062->95063 95063->95061 95066 390a8c CatchGuardHandler 5 API calls 95064->95066 95065->95064 95067 394bf3 95066->95067 95067->95023 95072 3a1e90 95069->95072 95071 3a1f05 95071->95032 95073 3a1e9c __FrameHandler3::FrameUnwindToState 95072->95073 95080 3a2f5e EnterCriticalSection 95073->95080 95075 3a1eaa 95081 3a1f31 95075->95081 95079 3a1ec8 __wsopen_s 95079->95071 95080->95075 95084 3a1f59 95081->95084 95086 3a1f51 95081->95086 95082 390a8c CatchGuardHandler 5 API calls 95083 3a1eb7 95082->95083 95087 3a1ed5 LeaveCriticalSection _abort 95083->95087 95085 3a29c8 _free 20 API calls 95084->95085 95084->95086 95085->95086 95086->95082 95087->95079 95088->95050 95090 3a3631 95089->95090 95091 3a3627 95089->95091 95096 3a2fd7 5 API calls 2 library calls 95090->95096 95094 390a8c CatchGuardHandler 5 API calls 95091->95094 95093 3a3648 95093->95091 95095 394cf2 95094->95095 95095->95054 95095->95055 95096->95093 95097 371033 95102 374c91 95097->95102 95101 371042 95103 37a961 22 API calls 95102->95103 95104 374cff 95103->95104 95111 373af0 95104->95111 95106 3b3cb6 95108 374d9c 95108->95106 95109 371038 95108->95109 95114 3751f7 22 API calls __fread_nolock 95108->95114 95110 3900a3 29 API calls __onexit 95109->95110 95110->95101 95115 373b1c 95111->95115 95114->95108 95116 373b0f 95115->95116 95117 373b29 95115->95117 95116->95108 95117->95116 95118 373b30 
RegOpenKeyExW 95117->95118 95118->95116 95119 373b4a RegQueryValueExW 95118->95119 95120 373b80 RegCloseKey 95119->95120 95121 373b6b 95119->95121 95120->95116 95121->95120 95122 37f7bf 95123 37fcb6 95122->95123 95124 37f7d3 95122->95124 95213 37aceb 23 API calls ISource 95123->95213 95126 37fcc2 95124->95126 95127 38fddb 22 API calls 95124->95127 95214 37aceb 23 API calls ISource 95126->95214 95129 37f7e5 95127->95129 95129->95126 95130 37f83e 95129->95130 95131 37fd3d 95129->95131 95155 37ed9d ISource 95130->95155 95157 381310 95130->95157 95215 3e1155 22 API calls 95131->95215 95134 37fef7 95134->95155 95217 37a8c7 22 API calls __fread_nolock 95134->95217 95137 38fddb 22 API calls 95154 37ec76 ISource 95137->95154 95138 3c4b0b 95219 3e359c 82 API calls __wsopen_s 95138->95219 95139 37a8c7 22 API calls 95139->95154 95140 3c4600 95140->95155 95216 37a8c7 22 API calls __fread_nolock 95140->95216 95145 390242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95145->95154 95147 37fbe3 95150 3c4bdc 95147->95150 95147->95155 95156 37f3ae ISource 95147->95156 95148 37a961 22 API calls 95148->95154 95149 3900a3 29 API calls pre_c_initialization 95149->95154 95220 3e359c 82 API calls __wsopen_s 95150->95220 95152 3c4beb 95221 3e359c 82 API calls __wsopen_s 95152->95221 95153 3901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95153->95154 95154->95134 95154->95137 95154->95138 95154->95139 95154->95140 95154->95145 95154->95147 95154->95148 95154->95149 95154->95152 95154->95153 95154->95155 95154->95156 95211 3801e0 185 API calls 2 library calls 95154->95211 95212 3806a0 41 API calls ISource 95154->95212 95156->95155 95218 3e359c 82 API calls __wsopen_s 95156->95218 95158 3817b0 95157->95158 95159 381376 95157->95159 95270 390242 5 API calls __Init_thread_wait 95158->95270 95161 381390 95159->95161 95162 3c6331 95159->95162 95222 381940 95161->95222 95275 3f709c 185 API calls 
95162->95275 95165 3817ba 95168 3817fb 95165->95168 95170 379cb3 22 API calls 95165->95170 95167 3c633d 95167->95154 95172 3c6346 95168->95172 95174 38182c 95168->95174 95169 381940 9 API calls 95171 3813b6 95169->95171 95178 3817d4 95170->95178 95171->95168 95173 3813ec 95171->95173 95276 3e359c 82 API calls __wsopen_s 95172->95276 95173->95172 95197 381408 __fread_nolock 95173->95197 95272 37aceb 23 API calls ISource 95174->95272 95177 381839 95273 38d217 185 API calls 95177->95273 95271 3901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95178->95271 95181 3c636e 95277 3e359c 82 API calls __wsopen_s 95181->95277 95182 38152f 95184 38153c 95182->95184 95185 3c63d1 95182->95185 95186 381940 9 API calls 95184->95186 95279 3f5745 54 API calls _wcslen 95185->95279 95188 381549 95186->95188 95191 3c64fa 95188->95191 95193 381940 9 API calls 95188->95193 95189 38fddb 22 API calls 95189->95197 95190 38fe0b 22 API calls 95190->95197 95201 3c6369 95191->95201 95281 3e359c 82 API calls __wsopen_s 95191->95281 95192 381872 95274 38faeb 23 API calls 95192->95274 95199 381563 95193->95199 95197->95177 95197->95181 95197->95182 95197->95189 95197->95190 95198 3c63b2 95197->95198 95197->95201 95245 37ec40 95197->95245 95278 3e359c 82 API calls __wsopen_s 95198->95278 95199->95191 95204 3815c7 ISource 95199->95204 95280 37a8c7 22 API calls __fread_nolock 95199->95280 95201->95154 95203 381940 9 API calls 95203->95204 95204->95191 95204->95192 95204->95201 95204->95203 95206 38167b ISource 95204->95206 95232 3e5c5a 95204->95232 95237 3fac5b 95204->95237 95240 3fa2ea 95204->95240 95205 38171d 95205->95154 95206->95205 95269 38ce17 22 API calls ISource 95206->95269 95211->95154 95212->95154 95213->95126 95214->95131 95215->95155 95216->95155 95217->95155 95218->95155 95219->95155 95220->95152 95221->95155 95223 381981 95222->95223 95230 38195d 95222->95230 95282 390242 5 API calls __Init_thread_wait 95223->95282 95225 3813a0 95225->95169 95226 38198b 95226->95230 
95283 3901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95226->95283 95228 388727 95228->95225 95285 3901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95228->95285 95230->95225 95284 390242 5 API calls __Init_thread_wait 95230->95284 95286 377510 95232->95286 95236 3e5c77 95236->95204 95318 3fad64 95237->95318 95239 3fac6f 95239->95204 95241 377510 53 API calls 95240->95241 95242 3fa306 95241->95242 95350 3dd4dc CreateToolhelp32Snapshot Process32FirstW 95242->95350 95244 3fa315 95244->95204 95264 37ec76 ISource 95245->95264 95246 3c4beb 95378 3e359c 82 API calls __wsopen_s 95246->95378 95247 38fddb 22 API calls 95247->95264 95248 37fef7 95259 37ed9d ISource 95248->95259 95374 37a8c7 22 API calls __fread_nolock 95248->95374 95251 3c4b0b 95376 3e359c 82 API calls __wsopen_s 95251->95376 95252 37a8c7 22 API calls 95252->95264 95253 37f3ae ISource 95253->95259 95375 3e359c 82 API calls __wsopen_s 95253->95375 95254 3c4600 95254->95259 95373 37a8c7 22 API calls __fread_nolock 95254->95373 95259->95197 95260 390242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95260->95264 95262 37fbe3 95262->95253 95262->95259 95266 3c4bdc 95262->95266 95263 37a961 22 API calls 95263->95264 95264->95246 95264->95247 95264->95248 95264->95251 95264->95252 95264->95253 95264->95254 95264->95259 95264->95260 95264->95262 95264->95263 95265 3900a3 29 API calls pre_c_initialization 95264->95265 95268 3901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95264->95268 95371 3801e0 185 API calls 2 library calls 95264->95371 95372 3806a0 41 API calls ISource 95264->95372 95265->95264 95377 3e359c 82 API calls __wsopen_s 95266->95377 95268->95264 95269->95206 95270->95165 95271->95168 95272->95177 95273->95192 95274->95192 95275->95167 95276->95201 95277->95201 95278->95201 95279->95199 95280->95204 95281->95201 95282->95226 95283->95230 95284->95228 95285->95225 
95287 377525 95286->95287 95304 377522 95286->95304 95288 37752d 95287->95288 95289 37755b 95287->95289 95314 3951c6 26 API calls 95288->95314 95291 3b50f6 95289->95291 95292 3b500f 95289->95292 95293 37756d 95289->95293 95317 395183 26 API calls 95291->95317 95300 3b5088 95292->95300 95303 38fe0b 22 API calls 95292->95303 95315 38fb21 51 API calls 95293->95315 95294 37753d 95299 38fddb 22 API calls 95294->95299 95297 3b510e 95297->95297 95301 377547 95299->95301 95316 38fb21 51 API calls 95300->95316 95302 379cb3 22 API calls 95301->95302 95302->95304 95306 3b5058 95303->95306 95309 3ddbbe lstrlenW 95304->95309 95305 38fddb 22 API calls 95307 3b507f 95305->95307 95306->95305 95308 379cb3 22 API calls 95307->95308 95308->95300 95310 3ddbdc GetFileAttributesW 95309->95310 95311 3ddc06 95309->95311 95310->95311 95312 3ddbe8 FindFirstFileW 95310->95312 95311->95236 95312->95311 95313 3ddbf9 FindClose 95312->95313 95313->95311 95314->95294 95315->95294 95316->95291 95317->95297 95319 37a961 22 API calls 95318->95319 95320 3fad77 ___scrt_fastfail 95319->95320 95321 3fadce 95320->95321 95322 377510 53 API calls 95320->95322 95323 3fadee 95321->95323 95324 377510 53 API calls 95321->95324 95326 3fadab 95322->95326 95325 3fae3a 95323->95325 95328 377510 53 API calls 95323->95328 95327 3fade4 95324->95327 95330 3fae4d ___scrt_fastfail 95325->95330 95349 37b567 39 API calls 95325->95349 95326->95321 95331 377510 53 API calls 95326->95331 95347 377620 22 API calls _wcslen 95327->95347 95337 3fae04 95328->95337 95335 377510 53 API calls 95330->95335 95333 3fadc4 95331->95333 95346 377620 22 API calls _wcslen 95333->95346 95336 3fae85 ShellExecuteExW 95335->95336 95340 3faeb0 95336->95340 95337->95325 95338 377510 53 API calls 95337->95338 95339 3fae28 95338->95339 95339->95325 95348 37a8c7 22 API calls __fread_nolock 95339->95348 95342 3faec8 95340->95342 95343 3faf35 GetProcessId 95340->95343 95342->95239 95344 3faf48 95343->95344 95345 3faf58 CloseHandle 95344->95345 
95345->95342 95346->95321 95347->95323 95348->95325 95349->95330 95360 3ddef7 95350->95360 95352 3dd522 95353 3dd529 Process32NextW 95352->95353 95354 3dd5db FindCloseChangeNotification 95352->95354 95355 37a961 22 API calls 95352->95355 95356 379cb3 22 API calls 95352->95356 95366 37525f 22 API calls 95352->95366 95367 376350 22 API calls 95352->95367 95368 38ce60 41 API calls 95352->95368 95353->95352 95353->95354 95354->95244 95355->95352 95356->95352 95361 3ddf02 95360->95361 95362 3ddf19 95361->95362 95365 3ddf1f 95361->95365 95369 3963b2 GetStringTypeW _strftime 95361->95369 95370 3962fb 39 API calls 95362->95370 95365->95352 95366->95352 95367->95352 95368->95352 95369->95361 95370->95365 95371->95264 95372->95264 95373->95259 95374->95259 95375->95259 95376->95259 95377->95246 95378->95259 95379 3c3f75 95390 38ceb1 95379->95390 95381 3c3f8b 95382 3c4006 95381->95382 95457 38e300 23 API calls 95381->95457 95399 37bf40 95382->95399 95386 3c3fe6 95389 3c4052 95386->95389 95458 3e1abf 22 API calls 95386->95458 95387 3c4a88 95389->95387 95459 3e359c 82 API calls __wsopen_s 95389->95459 95391 38cebf 95390->95391 95392 38ced2 95390->95392 95460 37aceb 23 API calls ISource 95391->95460 95394 38cf05 95392->95394 95395 38ced7 95392->95395 95461 37aceb 23 API calls ISource 95394->95461 95397 38fddb 22 API calls 95395->95397 95398 38cec9 95397->95398 95398->95381 95462 37adf0 95399->95462 95401 37bf9d 95402 3c04b6 95401->95402 95403 37bfa9 95401->95403 95481 3e359c 82 API calls __wsopen_s 95402->95481 95405 3c04c6 95403->95405 95406 37c01e 95403->95406 95482 3e359c 82 API calls __wsopen_s 95405->95482 95467 37ac91 95406->95467 95410 3d7120 22 API calls 95454 37c039 ISource __fread_nolock 95410->95454 95411 37c7da 95414 38fe0b 22 API calls 95411->95414 95422 37c808 __fread_nolock 95414->95422 95416 3c04f5 95419 3c055a 95416->95419 95483 38d217 185 API calls 95416->95483 95442 37c603 95419->95442 95484 3e359c 82 API calls __wsopen_s 95419->95484 95420 38fe0b 22 API calls 

                                                                                                Control-flow Graph

296->253 297->253 299 3b37ce-3b37da 298->299 300 3b37c3-3b37c9 298->300 299->253 300->253
                                                                                                APIs
                                                                                                • GetVersionExW.KERNEL32(?), ref: 0037430D
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                • GetCurrentProcess.KERNEL32(?,0040CB64,00000000,?,?), ref: 00374422
                                                                                                • IsWow64Process.KERNEL32(00000000,?,?), ref: 00374429
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00374454
                                                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00374466
                                                                                                • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00374474
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 0037447B
                                                                                                • GetSystemInfo.KERNEL32(?,?,?), ref: 003744A0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                • API String ID: 3290436268-3101561225
                                                                                                • Opcode ID: bf18efc22efabbd3862e83f244338c70e6be63c467c5b564ef64dcf5250850ff
                                                                                                • Instruction ID: d2462e098557142f16a00fdd0923176d92fad378781cbcae8722370061629eb5
                                                                                                • Opcode Fuzzy Hash: bf18efc22efabbd3862e83f244338c70e6be63c467c5b564ef64dcf5250850ff
                                                                                                • Instruction Fuzzy Hash: BBA1D56A90A2D0CFE723CF6A7C812E43FA46B27344F0484B9D84597E32E3345598DB2D

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,003750AA,?,?,00000000,00000000), ref: 003742B2
                                                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,003750AA,?,?,00000000,00000000), ref: 003742C9
                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,003750AA,?,?,00000000,00000000,?,?,?,?,?,?,00374F20), ref: 003B35BE
                                                                                                • SizeofResource.KERNEL32(?,00000000,?,?,003750AA,?,?,00000000,00000000,?,?,?,?,?,?,00374F20), ref: 003B35D3
                                                                                                • LockResource.KERNEL32(003750AA,?,?,003750AA,?,?,00000000,00000000,?,?,?,?,?,?,00374F20,?), ref: 003B35E6
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                • String ID: SCRIPT
                                                                                                • API String ID: 3051347437-3967369404
                                                                                                • Opcode ID: 38b1d96bfad9e620ec29c178d29888196495612d23af6a7bd479c66d0d9a8dd1
                                                                                                • Instruction ID: 2da501eef84d88543a59051c9def0392626aa25d03c4fba75249dd83ba4b3338
                                                                                                • Opcode Fuzzy Hash: 38b1d96bfad9e620ec29c178d29888196495612d23af6a7bd479c66d0d9a8dd1
                                                                                                • Instruction Fuzzy Hash: 1A117C71600700FFD7228B65DD88F677BBDEBC6B51F20866DF406A6690DB71E8108A61

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00372B6B
                                                                                                  • Part of subcall function 00373A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00441418,?,00372E7F,?,?,?,00000000), ref: 00373A78
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,00432224), ref: 003B2C10
                                                                                                • ShellExecuteW.SHELL32(00000000,?,?,00432224), ref: 003B2C17
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                • String ID: runas
                                                                                                • API String ID: 448630720-4000483414

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1153 3dd4dc-3dd524 CreateToolhelp32Snapshot Process32FirstW call 3ddef7 1156 3dd5d2-3dd5d5 1153->1156 1157 3dd529-3dd538 Process32NextW 1156->1157 1158 3dd5db-3dd5ea FindCloseChangeNotification 1156->1158 1157->1158 1159 3dd53e-3dd5ad call 37a961 * 2 call 379cb3 call 37525f call 37988f call 376350 call 38ce60 1157->1159 1174 3dd5af-3dd5b1 1159->1174 1175 3dd5b7-3dd5be 1159->1175 1176 3dd5c0-3dd5cd call 37988f * 2 1174->1176 1177 3dd5b3-3dd5b5 1174->1177 1175->1176 1176->1156 1177->1175 1177->1176
                                                                                                APIs
                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 003DD501
                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 003DD50F
                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 003DD52F
                                                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 003DD5DC
                                                                                                Similarity
                                                                                                • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                                                • String ID:
                                                                                                • API String ID: 3243318325-0

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1181 3ddbbe-3ddbda lstrlenW 1182 3ddbdc-3ddbe6 GetFileAttributesW 1181->1182 1183 3ddc06 1181->1183 1184 3ddc09-3ddc0d 1182->1184 1185 3ddbe8-3ddbf7 FindFirstFileW 1182->1185 1183->1184 1185->1183 1186 3ddbf9-3ddc04 FindClose 1185->1186 1186->1184
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(?,003B5222), ref: 003DDBCE
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 003DDBDD
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 003DDBEE
                                                                                                • FindClose.KERNEL32(00000000), ref: 003DDBFA
                                                                                                Similarity
                                                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                • String ID:
                                                                                                • API String ID: 2695905019-0
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(003A28E9,?,00394CBE,003A28E9,004388B8,0000000C,00394E15,003A28E9,00000002,00000000,?,003A28E9), ref: 00394D09
                                                                                                • TerminateProcess.KERNEL32(00000000,?,00394CBE,003A28E9,004388B8,0000000C,00394E15,003A28E9,00000002,00000000,?,003A28E9), ref: 00394D10
                                                                                                • ExitProcess.KERNEL32 ref: 00394D22
                                                                                                Similarity
                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                • String ID:
                                                                                                • API String ID: 1703294689-0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: BuffCharUpper
                                                                                                • String ID: p#D
                                                                                                • API String ID: 3964851224-1688748970
                                                                                                APIs
                                                                                                • GetInputState.USER32 ref: 0037D807
                                                                                                • timeGetTime.WINMM ref: 0037DA07
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0037DB28
                                                                                                • TranslateMessage.USER32(?), ref: 0037DB7B
                                                                                                • DispatchMessageW.USER32(?), ref: 0037DB89
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0037DB9F
                                                                                                • Sleep.KERNEL32(0000000A), ref: 0037DBB1
                                                                                                Similarity
                                                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                • String ID:
                                                                                                • API String ID: 2189390790-0

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00372D07
                                                                                                • RegisterClassExW.USER32(00000030), ref: 00372D31
                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00372D42
                                                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00372D5F
                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00372D6F
                                                                                                • LoadIconW.USER32(000000A9), ref: 00372D85
                                                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00372D94
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                • API String ID: 2914291525-1005189915

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 302 3b065b-3b068b call 3b042f 305 3b068d-3b0698 call 39f2c6 302->305 306 3b06a6-3b06b2 call 3a5221 302->306 311 3b069a-3b06a1 call 39f2d9 305->311 312 3b06cb-3b0714 call 3b039a 306->312 313 3b06b4-3b06c9 call 39f2c6 call 39f2d9 306->313 322 3b097d-3b0983 311->322 320 3b0781-3b078a GetFileType 312->320 321 3b0716-3b071f 312->321 313->311 327 3b078c-3b07bd GetLastError call 39f2a3 CloseHandle 320->327 328 3b07d3-3b07d6 320->328 325 3b0721-3b0725 321->325 326 3b0756-3b077c GetLastError call 39f2a3 321->326 325->326 331 3b0727-3b0754 call 3b039a 325->331 326->311 327->311 339 3b07c3-3b07ce call 39f2d9 327->339 329 3b07d8-3b07dd 328->329 330 3b07df-3b07e5 328->330 334 3b07e9-3b0837 call 3a516a 329->334 330->334 335 3b07e7 330->335 331->320 331->326 345 3b0839-3b0845 call 3b05ab 334->345 346 3b0847-3b086b call 3b014d 334->346 335->334 339->311 345->346 353 3b086f-3b0879 call 3a86ae 345->353 351 3b087e-3b08c1 346->351 352 3b086d 346->352 355 3b08c3-3b08c7 351->355 356 3b08e2-3b08f0 351->356 352->353 353->322 355->356 358 3b08c9-3b08dd 355->358 359 3b097b 356->359 360 3b08f6-3b08fa 356->360 358->356 359->322 360->359 361 3b08fc-3b092f CloseHandle call 3b039a 360->361 364 3b0963-3b0977 361->364 365 3b0931-3b095d GetLastError call 39f2a3 call 3a5333 361->365 364->359 365->364
                                                                                                APIs
                                                                                                  • Part of subcall function 003B039A: CreateFileW.KERNEL32(00000000,00000000,?,003B0704,?,?,00000000,?,003B0704,00000000,0000000C), ref: 003B03B7
                                                                                                • GetLastError.KERNEL32 ref: 003B076F
                                                                                                • __dosmaperr.LIBCMT ref: 003B0776
                                                                                                • GetFileType.KERNEL32(00000000), ref: 003B0782
                                                                                                • GetLastError.KERNEL32 ref: 003B078C
                                                                                                • __dosmaperr.LIBCMT ref: 003B0795
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003B07B5
                                                                                                • CloseHandle.KERNEL32(?), ref: 003B08FF
                                                                                                • GetLastError.KERNEL32 ref: 003B0931
                                                                                                • __dosmaperr.LIBCMT ref: 003B0938
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                • String ID: H
                                                                                                • API String ID: 4237864984-2852464175

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 00373A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00441418,?,00372E7F,?,?,?,00000000), ref: 00373A78
                                                                                                  • Part of subcall function 00373357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00373379
                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0037356A
                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 003B318D
                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 003B31CE
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 003B3210
                                                                                                • _wcslen.LIBCMT ref: 003B3277
                                                                                                • _wcslen.LIBCMT ref: 003B3286
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                • API String ID: 98802146-2727554177

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00372B8E
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00372B9D
                                                                                                • LoadIconW.USER32(00000063), ref: 00372BB3
                                                                                                • LoadIconW.USER32(000000A4), ref: 00372BC5
                                                                                                • LoadIconW.USER32(000000A2), ref: 00372BD7
                                                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00372BEF
                                                                                                • RegisterClassExW.USER32(?), ref: 00372C40
                                                                                                  • Part of subcall function 00372CD4: GetSysColorBrush.USER32(0000000F), ref: 00372D07
                                                                                                  • Part of subcall function 00372CD4: RegisterClassExW.USER32(00000030), ref: 00372D31
                                                                                                  • Part of subcall function 00372CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00372D42
                                                                                                  • Part of subcall function 00372CD4: InitCommonControlsEx.COMCTL32(?), ref: 00372D5F
                                                                                                  • Part of subcall function 00372CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00372D6F
                                                                                                  • Part of subcall function 00372CD4: LoadIconW.USER32(000000A9), ref: 00372D85
                                                                                                  • Part of subcall function 00372CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00372D94
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                • String ID: #$0$AutoIt v3
                                                                                                • API String ID: 423443420-4155596026

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0037316A,?,?), ref: 003731D8
                                                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,0037316A,?,?), ref: 00373204
                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00373227
                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0037316A,?,?), ref: 00373232
                                                                                                • CreatePopupMenu.USER32 ref: 00373246
                                                                                                • PostQuitMessage.USER32(00000000), ref: 00373267
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                • String ID: TaskbarCreated
                                                                                                • API String ID: 129472671-2362178303

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00371459
                                                                                                • OleUninitialize.OLE32(?,00000000), ref: 003714F8
                                                                                                • UnregisterHotKey.USER32(?), ref: 003716DD
                                                                                                • DestroyWindow.USER32(?), ref: 003B24B9
                                                                                                • FreeLibrary.KERNEL32(?), ref: 003B251E
                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 003B254B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                • String ID: close all
                                                                                                • API String ID: 469580280-3243417748

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00372C91
                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00372CB2
                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00371CAD,?), ref: 00372CC6
                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00371CAD,?), ref: 00372CCF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$CreateShow
                                                                                                • String ID: AutoIt v3$edit
                                                                                                • API String ID: 1584632944-3779509399

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 003FAEA3
                                                                                                  • Part of subcall function 00377620: _wcslen.LIBCMT ref: 00377625
                                                                                                • GetProcessId.KERNEL32(00000000), ref: 003FAF38
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003FAF67
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                • String ID: <$@
                                                                                                • API String ID: 146682121-1426351568

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00373B0F,SwapMouseButtons,00000004,?), ref: 00373B40
                                                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00373B0F,SwapMouseButtons,00000004,?), ref: 00373B61
                                                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00373B0F,SwapMouseButtons,00000004,?), ref: 00373B83
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID: Control Panel\Mouse
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 003B33A2
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00373A04
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                • String ID: Line:
                                                                                                APIs
                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 003B2C8C
                                                                                                  • Part of subcall function 00373AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00373A97,?,?,00372E7F,?,?,?,00000000), ref: 00373AC2
                                                                                                  • Part of subcall function 00372DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00372DC4
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                • String ID: X$`eC
                                                                                                APIs
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00390668
                                                                                                  • Part of subcall function 003932A4: RaiseException.KERNEL32(?,?,?,0039068A,?,00441444,?,?,?,?,?,?,0039068A,00371129,00438738,00371129), ref: 00393304
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00390685
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                • String ID: Unknown exception
                                                                                                APIs
                                                                                                  • Part of subcall function 00371BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00371BF4
                                                                                                  • Part of subcall function 00371BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00371BFC
                                                                                                  • Part of subcall function 00371BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00371C07
                                                                                                  • Part of subcall function 00371BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00371C12
                                                                                                  • Part of subcall function 00371BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00371C1A
                                                                                                  • Part of subcall function 00371BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00371C22
                                                                                                  • Part of subcall function 00371B4A: RegisterWindowMessageW.USER32(00000004,?,003712C4), ref: 00371BA2
                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0037136A
                                                                                                • OleInitialize.OLE32 ref: 00371388
                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 003B24AB
                                                                                                Similarity
                                                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,003A85CC,?,00438CC8,0000000C), ref: 003A8704
                                                                                                • GetLastError.KERNEL32(?,003A85CC,?,00438CC8,0000000C), ref: 003A870E
                                                                                                • __dosmaperr.LIBCMT ref: 003A8739
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 003817F6
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Init_thread_footer
                                                                                                • String ID: CALL
                                                                                                APIs
                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00373908
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_
                                                                                                • String ID:
                                                                                                APIs
                                                                                                  • Part of subcall function 00374E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00374EDD,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374E9C
                                                                                                  • Part of subcall function 00374E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00374EAE
                                                                                                  • Part of subcall function 00374E90: FreeLibrary.KERNEL32(00000000,?,?,00374EDD,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374EC0
                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374EFD
                                                                                                  • Part of subcall function 00374E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,003B3CDE,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374E62
                                                                                                  • Part of subcall function 00374E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00374E74
                                                                                                  • Part of subcall function 00374E59: FreeLibrary.KERNEL32(00000000,?,?,003B3CDE,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374E87
                                                                                                Similarity
                                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                                • String ID:
                                                                                                • API String ID: 2632591731-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: __wsopen_s
                                                                                                • String ID:
                                                                                                • API String ID: 3347428461-0
                                                                                                APIs
                                                                                                  • Part of subcall function 003A4C7D: RtlAllocateHeap.NTDLL(00000008,00371129,00000000,?,003A2E29,00000001,00000364,?,?,?,0039F2DE,003A3863,00441444,?,0038FDF5,?), ref: 003A4CBE
                                                                                                • _free.LIBCMT ref: 003A506C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_free
                                                                                                • String ID:
                                                                                                • API String ID: 614378929-0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000008,00371129,00000000,?,003A2E29,00000001,00000364,?,?,?,0039F2DE,003A3863,00441444,?,0038FDF5,?), ref: 003A4CBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00441444,?,0038FDF5,?,?,0037A976,00000010,00441440,003713FC,?,003713C6,?,00371129), ref: 003A3852
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                APIs
                                                                                                • FreeLibrary.KERNEL32(?,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374F6D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeLibrary
                                                                                                • String ID:
                                                                                                • API String ID: 3664257935-0
                                                                                                APIs
                                                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0037314E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_
                                                                                                • String ID:
                                                                                                • API String ID: 1144537725-0
                                                                                                APIs
                                                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00372DC4
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongNamePath_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 541455249-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00373837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00373908
                                                                                                  • Part of subcall function 0037D730: GetInputState.USER32 ref: 0037D807
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00372B6B
                                                                                                  • Part of subcall function 003730F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0037314E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                • String ID:
                                                                                                • API String ID: 3667716007-0
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(00000000,00000000,?,003B0704,?,?,00000000,?,003B0704,00000000,0000000C), ref: 003B03B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                • Opcode ID: 3db14531b5655632bd4de9bfbd1ccc228187a0d6a5c6f93a96f13acb8b32b91e
                                                                                                • Instruction ID: 65bb30d15aeb228a9d506d69e1faed6429bebac3f4a4e7f702ea3743d389460b
                                                                                                • Opcode Fuzzy Hash: 3db14531b5655632bd4de9bfbd1ccc228187a0d6a5c6f93a96f13acb8b32b91e
                                                                                                • Instruction Fuzzy Hash: 85D06C3204010DFBDF028F84DD46EDA3BAAFB48714F014110BE1866020C732E821AB94
                                                                                                APIs
                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00371CBC
                                                                                                Similarity
                                                                                                • API ID: InfoParametersSystem
                                                                                                • String ID:
                                                                                                • API String ID: 3098949447-0
                                                                                                • Opcode ID: d1ef19c2f059073f1d2a0b3f62c41bb29c1929f54d2a5ffd4c8f3fe3a84af1a2
                                                                                                • Instruction ID: 4ddc74b12658c8889ec8a272dd17212f7d240d41b84af1ae17668a3dda0e30e9
                                                                                                • Opcode Fuzzy Hash: d1ef19c2f059073f1d2a0b3f62c41bb29c1929f54d2a5ffd4c8f3fe3a84af1a2
                                                                                                • Instruction Fuzzy Hash: 41C09B3D280314FFF2144B80BD4AF107754A349F00F444011F609655F3C3F11450E658
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0040961A
                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0040965B
                                                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0040969F
                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004096C9
                                                                                                • SendMessageW.USER32 ref: 004096F2
                                                                                                • GetKeyState.USER32(00000011), ref: 0040978B
                                                                                                • GetKeyState.USER32(00000009), ref: 00409798
                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 004097AE
                                                                                                • GetKeyState.USER32(00000010), ref: 004097B8
                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004097E9
                                                                                                • SendMessageW.USER32 ref: 00409810
                                                                                                • SendMessageW.USER32(?,00001030,?,00407E95), ref: 00409918
                                                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0040992E
                                                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00409941
                                                                                                • SetCapture.USER32(?), ref: 0040994A
                                                                                                • ClientToScreen.USER32(?,?), ref: 004099AF
                                                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 004099BC
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 004099D6
                                                                                                • ReleaseCapture.USER32 ref: 004099E1
                                                                                                • GetCursorPos.USER32(?), ref: 00409A19
                                                                                                • ScreenToClient.USER32(?,?), ref: 00409A26
                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00409A80
                                                                                                • SendMessageW.USER32 ref: 00409AAE
                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00409AEB
                                                                                                • SendMessageW.USER32 ref: 00409B1A
                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00409B3B
                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00409B4A
                                                                                                • GetCursorPos.USER32(?), ref: 00409B68
                                                                                                • ScreenToClient.USER32(?,?), ref: 00409B75
                                                                                                • GetParent.USER32(?), ref: 00409B93
                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00409BFA
                                                                                                • SendMessageW.USER32 ref: 00409C2B
                                                                                                • ClientToScreen.USER32(?,?), ref: 00409C84
                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00409CB4
                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00409CDE
                                                                                                • SendMessageW.USER32 ref: 00409D01
                                                                                                • ClientToScreen.USER32(?,?), ref: 00409D4E
                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00409D82
                                                                                                  • Part of subcall function 00389944: GetWindowLongW.USER32(?,000000EB), ref: 00389952
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00409E05
                                                                                                Similarity
                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                • String ID: @GUI_DRAGID$F$p#D
                                                                                                • API String ID: 3429851547-2595749892
                                                                                                • Opcode ID: 9b3d7f24aa482e2d1b1ce519230e8ddf7b0bf31ee3371ec5fe8d4932dcd1c096
                                                                                                • Instruction ID: 44ac9d45bb8bdcc87f9fa2302faf7c87b8e66e76b639bee5866ba26feef2f442
                                                                                                • Opcode Fuzzy Hash: 9b3d7f24aa482e2d1b1ce519230e8ddf7b0bf31ee3371ec5fe8d4932dcd1c096
                                                                                                • Instruction Fuzzy Hash: 50429075108201EFD725CF24CC84EAABBE5FF89310F144A2AF655A72E2D7369C51CB49
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 004048F3
                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00404908
                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00404927
                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0040494B
                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0040495C
                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0040497B
                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 004049AE
                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 004049D4
                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00404A0F
                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00404A56
                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00404A7E
                                                                                                • IsMenu.USER32(?), ref: 00404A97
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00404AF2
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00404B20
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404B94
                                                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00404BE3
                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00404C82
                                                                                                • wsprintfW.USER32 ref: 00404CAE
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00404CC9
                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00404CF1
                                                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00404D13
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00404D33
                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00404D5A
                                                                                                Similarity
                                                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                • String ID: %d/%02d/%02d
                                                                                                • API String ID: 4054740463-328681919
                                                                                                • Opcode ID: 922d996815fdf1f6cc4949cba5620a08ddc766d1cb6a60b779687e3404347269
                                                                                                • Instruction ID: 28488a5eb859d7377de3c7a79ea612b988df2dc5a57f4b5e3f8a124b7faa206d
                                                                                                • Opcode Fuzzy Hash: 922d996815fdf1f6cc4949cba5620a08ddc766d1cb6a60b779687e3404347269
                                                                                                • Instruction Fuzzy Hash: A612F2B1600214ABEB259F24CC49FAF7BF8EF85310F10463AF615EA2E1DB789941CB54
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0038F998
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003CF474
                                                                                                • IsIconic.USER32(00000000), ref: 003CF47D
                                                                                                • ShowWindow.USER32(00000000,00000009), ref: 003CF48A
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 003CF494
                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 003CF4AA
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 003CF4B1
                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 003CF4BD
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 003CF4CE
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 003CF4D6
                                                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 003CF4DE
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 003CF4E1
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 003CF4F6
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 003CF501
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 003CF50B
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 003CF510
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 003CF519
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 003CF51E
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 003CF528
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 003CF52D
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 003CF530
                                                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 003CF557
                                                                                                Similarity
                                                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 4125248594-2988720461
                                                                                                • Opcode ID: ec04d5e6ac6acbb24c51e8f4a5bf41d65d8b954d08ee97ee7486db22ca819b73
                                                                                                • Instruction ID: c700ebe6cab5fe56924519f1af800b5caa9bd0eda743d859acbe45a042295e16
                                                                                                • Opcode Fuzzy Hash: ec04d5e6ac6acbb24c51e8f4a5bf41d65d8b954d08ee97ee7486db22ca819b73
                                                                                                • Instruction Fuzzy Hash: 32316071A40218BEEB216BB64D8AFBF7E6DEB44B50F110139FA00F61D1C6B15D00AB64
                                                                                                APIs
                                                                                                  • Part of subcall function 003D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003D170D
                                                                                                  • Part of subcall function 003D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003D173A
                                                                                                  • Part of subcall function 003D16C3: GetLastError.KERNEL32 ref: 003D174A
                                                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 003D1286
                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 003D12A8
                                                                                                • CloseHandle.KERNEL32(?), ref: 003D12B9
                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 003D12D1
                                                                                                • GetProcessWindowStation.USER32 ref: 003D12EA
                                                                                                • SetProcessWindowStation.USER32(00000000), ref: 003D12F4
                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 003D1310
                                                                                                  • Part of subcall function 003D10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003D11FC), ref: 003D10D4
                                                                                                  • Part of subcall function 003D10BF: CloseHandle.KERNEL32(?,?,003D11FC), ref: 003D10E9
                                                                                                Similarity
                                                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                • String ID: $default$winsta0$ZC
                                                                                                • API String ID: 22674027-471795638
                                                                                                • Opcode ID: 161ba80f2b3a6d12c200939643f96d44b2afa8f1ecc8535a5210bb2f17a2eb22
                                                                                                • Instruction ID: 0bf0e2769ced364d4e80a68742a8bf1864676f51ef9388b6c8c7ca0ca82b0569
                                                                                                • Opcode Fuzzy Hash: 161ba80f2b3a6d12c200939643f96d44b2afa8f1ecc8535a5210bb2f17a2eb22
                                                                                                • Instruction Fuzzy Hash: 9381BF72900209BFDF229FA5ED89FEE7BB9EF04700F14412AF910B62A0C7758944DB24
                                                                                                APIs
                                                                                                  • Part of subcall function 003D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003D1114
                                                                                                  • Part of subcall function 003D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D1120
                                                                                                  • Part of subcall function 003D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D112F
                                                                                                  • Part of subcall function 003D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D1136
                                                                                                  • Part of subcall function 003D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003D114D
                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003D0BCC
                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003D0C00
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 003D0C17
                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 003D0C51
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003D0C6D
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 003D0C84
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 003D0C8C
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 003D0C93
                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003D0CB4
                                                                                                • CopySid.ADVAPI32(00000000), ref: 003D0CBB
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003D0CEA
                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003D0D0C
                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003D0D1E
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003D0D45
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D0D4C
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003D0D55
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D0D5C
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003D0D65
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D0D6C
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 003D0D78
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D0D7F
                                                                                                  • Part of subcall function 003D1193: GetProcessHeap.KERNEL32(00000008,003D0BB1,?,00000000,?,003D0BB1,?), ref: 003D11A1
                                                                                                  • Part of subcall function 003D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,003D0BB1,?), ref: 003D11A8
                                                                                                  • Part of subcall function 003D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,003D0BB1,?), ref: 003D11B7
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                • String ID:
                                                                                                • API String ID: 4175595110-0
                                                                                                • Opcode ID: 318d26caca2f0e7c0359f1a9086a10b060c598dddd1e9a9a7d7e49a0b0622012
                                                                                                • Instruction ID: 717872b1318438b832df531d50b3b5136aaf3fd2319544bd4890a45cd27a636e
                                                                                                • Opcode Fuzzy Hash: 318d26caca2f0e7c0359f1a9086a10b060c598dddd1e9a9a7d7e49a0b0622012
                                                                                                • Instruction Fuzzy Hash: CE716B7290020AEBDF159FE4ED84FAEBBB9AF05700F054626E914BB291D771A905CB60
                                                                                                APIs
                                                                                                • OpenClipboard.USER32(0040CC08), ref: 003EEB29
                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 003EEB37
                                                                                                • GetClipboardData.USER32(0000000D), ref: 003EEB43
                                                                                                • CloseClipboard.USER32 ref: 003EEB4F
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 003EEB87
                                                                                                • CloseClipboard.USER32 ref: 003EEB91
                                                                                                • GlobalUnlock.KERNEL32(00000000,00000000), ref: 003EEBBC
                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 003EEBC9
                                                                                                • GetClipboardData.USER32(00000001), ref: 003EEBD1
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 003EEBE2
                                                                                                • GlobalUnlock.KERNEL32(00000000,?), ref: 003EEC22
                                                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 003EEC38
                                                                                                • GetClipboardData.USER32(0000000F), ref: 003EEC44
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 003EEC55
                                                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 003EEC77
                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 003EEC94
                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 003EECD2
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?), ref: 003EECF3
                                                                                                • CountClipboardFormats.USER32 ref: 003EED14
                                                                                                • CloseClipboard.USER32 ref: 003EED59
                                                                                                Similarity
                                                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                • String ID:
                                                                                                • API String ID: 420908878-0
                                                                                                • Opcode ID: e656220fea6c618f57c305b555ab0d76444811338a2549e6d104b18b30e01880
                                                                                                • Instruction ID: 50c4a9c1d0597f7a1c465bf7f5784183ef3dde33f5392e647921e922aead935f
                                                                                                • Opcode Fuzzy Hash: e656220fea6c618f57c305b555ab0d76444811338a2549e6d104b18b30e01880
                                                                                                • Instruction Fuzzy Hash: 8561E235204242EFD322EF21DD85F2A77A8AF84704F15466DF4569B2E2DB31DD05CB62
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 003E69BE
                                                                                                • FindClose.KERNEL32(00000000), ref: 003E6A12
                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003E6A4E
                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003E6A75
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 003E6AB2
                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 003E6ADF
                                                                                                Similarity
                                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                • API String ID: 3830820486-3289030164
                                                                                                • Opcode ID: f0ad201d503a4c36a66703291d1ad0daa7e0c2b9249b19d1ce8d78f34965c84c
                                                                                                • Instruction ID: d470a2afd394316d127b33d99b01e8edf4baecf7c825aaf64c5b7b3bbacfedea
                                                                                                • Opcode Fuzzy Hash: f0ad201d503a4c36a66703291d1ad0daa7e0c2b9249b19d1ce8d78f34965c84c
                                                                                                • Instruction Fuzzy Hash: 58D17271508340AFC711EB64C992EAFB7ECAF98704F04491DF589DB191EB78DA44CB62
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003E9663
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 003E96A1
                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 003E96BB
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 003E96D3
                                                                                                • FindClose.KERNEL32(00000000), ref: 003E96DE
                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 003E96FA
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 003E974A
                                                                                                • SetCurrentDirectoryW.KERNEL32(00436B7C), ref: 003E9768
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 003E9772
                                                                                                • FindClose.KERNEL32(00000000), ref: 003E977F
                                                                                                • FindClose.KERNEL32(00000000), ref: 003E978F
                                                                                                Similarity
                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1409584000-438819550
                                                                                                • Opcode ID: 506846687229107bc476c755e59458cd44e864cfa5c28cc463b094b8d91a705d
                                                                                                • Instruction ID: eb3dd5829e483bb33a1a44580f662e34baad6e8731d6270459c7cec4aa22402b
                                                                                                • Opcode Fuzzy Hash: 506846687229107bc476c755e59458cd44e864cfa5c28cc463b094b8d91a705d
                                                                                                • Instruction Fuzzy Hash: 1731C332500269AADF11AFB5DD49BDE77AC9F09360F2142A7F945E20D1DB34DD448B18
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003E97BE
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 003E9819
                                                                                                • FindClose.KERNEL32(00000000), ref: 003E9824
                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 003E9840
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 003E9890
                                                                                                • SetCurrentDirectoryW.KERNEL32(00436B7C), ref: 003E98AE
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 003E98B8
                                                                                                • FindClose.KERNEL32(00000000), ref: 003E98C5
                                                                                                • FindClose.KERNEL32(00000000), ref: 003E98D5
                                                                                                  • Part of subcall function 003DDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 003DDB00
                                                                                                Similarity
                                                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                • String ID: *.*
                                                                                                • API String ID: 2640511053-438819550
                                                                                                • Opcode ID: 374110f7f45eef8eecb5b789bff5de15a6c8c5db707b82cc2c3f1efe3c894842
                                                                                                • Instruction ID: 3343171731043e998cb47e6cc2153c2295f5a38beefc3634016c23ff0f8e7080
                                                                                                • Opcode Fuzzy Hash: 374110f7f45eef8eecb5b789bff5de15a6c8c5db707b82cc2c3f1efe3c894842
                                                                                                • Instruction Fuzzy Hash: F631D632500269AADF12EFB5DC48BDE77AC9F0A320F214267E850B21E1DB30DD85CB24
                                                                                                APIs
                                                                                                  • Part of subcall function 003FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003FB6AE,?,?), ref: 003FC9B5
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FC9F1
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FCA68
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FCA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003FBF3E
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 003FBFA9
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 003FBFCD
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 003FC02C
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 003FC0E7
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003FC154
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003FC1E9
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 003FC23A
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003FC2E3
                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003FC382
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 003FC38F
                                                                                                Similarity
                                                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                • String ID:
                                                                                                • API String ID: 3102970594-0
                                                                                                APIs
                                                                                                • GetLocalTime.KERNEL32(?), ref: 003E8257
                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 003E8267
                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003E8273
                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003E8310
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 003E8324
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 003E8356
                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003E838C
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 003E8395
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1464919966-438819550
                                                                                                APIs
                                                                                                  • Part of subcall function 00373AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00373A97,?,?,00372E7F,?,?,?,00000000), ref: 00373AC2
                                                                                                  • Part of subcall function 003DE199: GetFileAttributesW.KERNEL32(?,003DCF95), ref: 003DE19A
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 003DD122
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 003DD1DD
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 003DD1F0
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 003DD20D
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 003DD237
                                                                                                  • Part of subcall function 003DD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,003DD21C,?,?), ref: 003DD2B2
                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 003DD253
                                                                                                • FindClose.KERNEL32(00000000), ref: 003DD264
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 1946585618-1173974218
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                • String ID:
                                                                                                • API String ID: 1737998785-0
                                                                                                APIs
                                                                                                  • Part of subcall function 003D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003D170D
                                                                                                  • Part of subcall function 003D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003D173A
                                                                                                  • Part of subcall function 003D16C3: GetLastError.KERNEL32 ref: 003D174A
                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 003DE932
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                                                • API String ID: 2234035333-3163812486
                                                                                                APIs
                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 003F1276
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F1283
                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 003F12BA
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F12C5
                                                                                                • closesocket.WSOCK32(00000000), ref: 003F12F4
                                                                                                • listen.WSOCK32(00000000,00000005), ref: 003F1303
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F130D
                                                                                                • closesocket.WSOCK32(00000000), ref: 003F133C
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                • String ID:
                                                                                                • API String ID: 540024437-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00373AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00373A97,?,?,00372E7F,?,?,?,00000000), ref: 00373AC2
                                                                                                  • Part of subcall function 003DE199: GetFileAttributesW.KERNEL32(?,003DCF95), ref: 003DE19A
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 003DD420
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 003DD470
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 003DD481
                                                                                                • FindClose.KERNEL32(00000000), ref: 003DD498
                                                                                                • FindClose.KERNEL32(00000000), ref: 003DD4A1
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 2649000838-1173974218
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: __floor_pentium4
                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                • API String ID: 4168288129-2761157908
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 003E64DC
                                                                                                • CoInitialize.OLE32(00000000), ref: 003E6639
                                                                                                • CoCreateInstance.OLE32(0040FCF8,00000000,00000001,0040FB68,?), ref: 003E6650
                                                                                                • CoUninitialize.OLE32 ref: 003E68D4
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                • String ID: .lnk
                                                                                                • API String ID: 886957087-24824748
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 003F22E8
                                                                                                  • Part of subcall function 003EE4EC: GetWindowRect.USER32(?,?), ref: 003EE504
                                                                                                • GetDesktopWindow.USER32 ref: 003F2312
                                                                                                • GetWindowRect.USER32(00000000), ref: 003F2319
                                                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 003F2355
                                                                                                • GetCursorPos.USER32(?), ref: 003F2381
                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 003F23DF
                                                                                                Similarity
                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                • String ID:
                                                                                                • API String ID: 2387181109-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 003E9B78
                                                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 003E9C8B
                                                                                                  • Part of subcall function 003E3874: GetInputState.USER32 ref: 003E38CB
                                                                                                  • Part of subcall function 003E3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003E3966
                                                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 003E9BA8
                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 003E9C75
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1972594611-438819550
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00389A4E
                                                                                                • GetSysColor.USER32(0000000F), ref: 00389B23
                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00389B36
                                                                                                Similarity
                                                                                                • API ID: Color$LongProcWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3131106179-0
                                                                                                APIs
                                                                                                  • Part of subcall function 003F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003F307A
                                                                                                  • Part of subcall function 003F304E: _wcslen.LIBCMT ref: 003F309B
                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 003F185D
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F1884
                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 003F18DB
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F18E6
                                                                                                • closesocket.WSOCK32(00000000), ref: 003F1915
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                • String ID:
                                                                                                • API String ID: 1601658205-0
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                • String ID:
                                                                                                • API String ID: 292994002-0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                • API String ID: 0-1546025612
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 003D82AA
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: lstrlen
                                                                                                • String ID: ($tbC$|
                                                                                                • API String ID: 1659193697-3136911626
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 003DAAAC
                                                                                                • SetKeyboardState.USER32(00000080), ref: 003DAAC8
                                                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 003DAB36
                                                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 003DAB88
                                                                                                Similarity
                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                • String ID:
                                                                                                • API String ID: 432972143-0
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 003ABB7F
                                                                                                  • Part of subcall function 003A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000), ref: 003A29DE
                                                                                                  • Part of subcall function 003A29C8: GetLastError.KERNEL32(00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000,00000000), ref: 003A29F0
                                                                                                • GetTimeZoneInformation.KERNEL32 ref: 003ABB91
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,?,0044121C,000000FF,?,0000003F,?,?), ref: 003ABC09
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,?,00441270,000000FF,?,0000003F,?,?,?,0044121C,000000FF,?,0000003F,?,?), ref: 003ABC36
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                • String ID:
                                                                                                • API String ID: 806657224-0
                                                                                                APIs
                                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 003ECE89
                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 003ECEEA
                                                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 003ECEFE
                                                                                                Similarity
                                                                                                • API ID: ErrorEventFileInternetLastRead
                                                                                                • String ID:
                                                                                                • API String ID: 234945975-0
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 003E5CC1
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 003E5D17
                                                                                                • FindClose.KERNEL32(?), ref: 003E5D5F
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                • String ID:
                                                                                                • API String ID: 3541575487-0
                                                                                                APIs
                                                                                                • IsDebuggerPresent.KERNEL32 ref: 003A271A
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003A2724
                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 003A2731
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                • String ID:
                                                                                                • API String ID: 3906539128-0
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 003E51DA
                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 003E5238
                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 003E52A1
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                • String ID:
                                                                                                • API String ID: 1682464887-0
                                                                                                APIs
                                                                                                  • Part of subcall function 0038FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00390668
                                                                                                  • Part of subcall function 0038FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00390685
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003D170D
                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003D173A
                                                                                                • GetLastError.KERNEL32 ref: 003D174A
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                • String ID:
                                                                                                • API String ID: 577356006-0
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003DD608
                                                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 003DD645
                                                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003DD650
                                                                                                Similarity
                                                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                                                • String ID:
                                                                                                • API String ID: 33631002-0
                                                                                                APIs
                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 003D168C
                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 003D16A1
                                                                                                • FreeSid.ADVAPI32(?), ref: 003D16B1
                                                                                                Similarity
                                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                • String ID:
                                                                                                • API String ID: 3429775523-0
                                                                                                APIs
                                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 003CD28C
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: NameUser
                                                                                                • String ID: X64
                                                                                                • API String ID: 2645101109-893830106
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Variable is not of type 'Object'.$p#D
                                                                                                • API String ID: 0-543306404
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 003E6918
                                                                                                • FindClose.KERNEL32(00000000), ref: 003E6961
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Find$CloseFileFirst
                                                                                                • String ID:
                                                                                                • API String ID: 2295610775-0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,003F4891,?,?,00000035,?), ref: 003E37E4
                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,003F4891,?,?,00000035,?), ref: 003E37F4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                • String ID:
                                                                                                • API String ID: 3479602957-0
                                                                                                APIs
                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 003DB25D
                                                                                                • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 003DB270
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: InputSendkeybd_event
                                                                                                • String ID:
                                                                                                • API String ID: 3536248340-0
                                                                                                APIs
                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003D11FC), ref: 003D10D4
                                                                                                • CloseHandle.KERNEL32(?,?,003D11FC), ref: 003D10E9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                • String ID:
                                                                                                • API String ID: 81990902-0
                                                                                                APIs
                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003A6766,?,?,00000008,?,?,003AFEFE,00000000), ref: 003A6998
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID:
                                                                                                • API String ID: 3997070919-0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                APIs
                                                                                                • BlockInput.USER32(00000001), ref: 003EEABD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: BlockInput
                                                                                                • String ID:
                                                                                                • API String ID: 3456056419-0
                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,003903EE), ref: 003909DA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                • String ID:
                                                                                                • API String ID: 3192549508-0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0
                                                                                                • API String ID: 0-4108050209
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0&D
                                                                                                • API String ID: 0-1766144559
                                                                                                • Opcode ID: 9eb90a74bbbde5a7a86f0c05788cf743c44086aabc8baa44e89e88795e6ef555
                                                                                                • Instruction ID: 82f712fbb637d8a2c2cf3b206451ea714eb8a2fb46818a48407c546c517d8a2d
                                                                                                • Opcode Fuzzy Hash: 9eb90a74bbbde5a7a86f0c05788cf743c44086aabc8baa44e89e88795e6ef555
                                                                                                • Instruction Fuzzy Hash: DA21D5322206158BDB28CF79C92267E73E9A754310F558A2EE4A7C77D0DE79AD04CB84
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 90ac7d6e7f30e37c3446d114325da222d0b0c494b043a693aa74a7a0c5d3f55a
                                                                                                • Instruction ID: f03093341c4f252e7136cabe237b07c8ae0dadf4bd03b3310b3d948966d7a886
                                                                                                • Opcode Fuzzy Hash: 90ac7d6e7f30e37c3446d114325da222d0b0c494b043a693aa74a7a0c5d3f55a
                                                                                                • Instruction Fuzzy Hash: 0F324322D29F014DD7239635DD62336A68DEFB73C5F15C737E81AB5AA9EB29C4834100
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a34ba2489718056df8d6bd0c65bb35a2c9c1fdf50657c583b15a53834c1a6d60
                                                                                                • Instruction ID: 7cfd96761d1e099dc1616e1690ecb8cc5ba219d4317f8f4429e343c1a2616380
                                                                                                • Opcode Fuzzy Hash: a34ba2489718056df8d6bd0c65bb35a2c9c1fdf50657c583b15a53834c1a6d60
                                                                                                • Instruction Fuzzy Hash: 21320732A202058BDF26DF28C494F7D77B1EB45300F2AA5AED84EDB691D630DD82DB51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b64b97e84058f830bbde0ee35295b71424d9cda8721e23ebe26d1d756c59ecf4
                                                                                                • Instruction ID: d56357f0f694835b0dafba554834b52c53b6308c1d52ffdaa477129be629e046
                                                                                                • Opcode Fuzzy Hash: b64b97e84058f830bbde0ee35295b71424d9cda8721e23ebe26d1d756c59ecf4
                                                                                                • Instruction Fuzzy Hash: 6222A070A04609DFDF26DF64C881BEEB3F5FF44304F148529E81AAB691E739A915CB50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6bd69dd67c1e9b7dcedc70e76061b725aabb2fb88037467d14ec3d0d74319686
                                                                                                • Instruction ID: 90964afb922239fec9df2249a5dc86f811e96bdb2fa3a1bc803d28adc8e45d9d
                                                                                                • Opcode Fuzzy Hash: 6bd69dd67c1e9b7dcedc70e76061b725aabb2fb88037467d14ec3d0d74319686
                                                                                                • Instruction Fuzzy Hash: 0402D7B1E00209EFDF16DF58D881AEDB7B5FF44304F118169E91A9B691EB35AE10CB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e8433f523260e449f07a63199fa63d2ca9dc9a2add6f27ca4dad1d57c6ac81ad
                                                                                                • Instruction ID: a2a8ee6bdcec77c9d967bb393fe6e85bb2a85a9b14bab479be77b6ba95cff507
                                                                                                • Opcode Fuzzy Hash: e8433f523260e449f07a63199fa63d2ca9dc9a2add6f27ca4dad1d57c6ac81ad
                                                                                                • Instruction Fuzzy Hash: B1B10321D2AF444DC3239A398831336FA5CAFBB6D6F51D72BFC2674D62EB2185834144
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                • Instruction ID: 8a34bd5e2cdbed5fc921fc4d1c3445215f82ac15136451a5b11440f5a7f99633
                                                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                • Instruction Fuzzy Hash: B79176726090A34AEF6F463E857403EFFE15A923A131B079ED4F2EA5C5FE24C954D620
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                • Instruction ID: 1c02c92700e69c4b4d7f984f9521aa1a6417ea33f4666d5dddd1145297542721
                                                                                                • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                • Instruction Fuzzy Hash: 349165722094A35AEF6F4239857403FFFE15A923A131B079DE4F2DB5C5EE24C568E620
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                • Instruction ID: 267bb14bb27b007c2160dcd993c27a19db5ac3c7471acf12ae4bd451ed97b9d1
                                                                                                • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                • Instruction Fuzzy Hash: D69165722090A34EEF2F467A857403EFFE55A923A231B079DD4F2DA5C1FE24C954D620
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bfe1f1a392bd09d49f0249a906ca26a82b5dbce21dda395fa51e1f7e075e5b69
                                                                                                • Instruction ID: d16b990d7c38507fd9718726163c0a6524eaf7ff2920a5661c9432da06463014
                                                                                                • Opcode Fuzzy Hash: bfe1f1a392bd09d49f0249a906ca26a82b5dbce21dda395fa51e1f7e075e5b69
                                                                                                • Instruction Fuzzy Hash: 6161773123C34A66EE3B9A2C8C96BBF2399DF82700F15091AE843DF7D1DA119E428755
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5fdc32d60989c1df5090284abde49426e71157c751b28c3af8de4bb6ab1b6248
                                                                                                • Instruction ID: aa322a4184d77bc8acc19daa9789b4bf528fe3c44efaf2ccae44b5f4d50ea9ac
                                                                                                • Opcode Fuzzy Hash: 5fdc32d60989c1df5090284abde49426e71157c751b28c3af8de4bb6ab1b6248
                                                                                                • Instruction Fuzzy Hash: 3C618971B38709A7DE3B5A2C8892BBF2398EF43744F110959E943DF6C1DA12ED428355
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                • Instruction ID: 38af914f1ddf18cef05fc7cfc59af9f97eb85b68c3828489e750adb2491d6493
                                                                                                • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                • Instruction Fuzzy Hash: EB81847260C0A309EF6F427A853403EFFE15A923A131B079ED4F2DB5C5EE24C554E660
                                                                                                APIs
                                                                                                • DeleteObject.GDI32(00000000), ref: 003F2B30
                                                                                                • DeleteObject.GDI32(00000000), ref: 003F2B43
                                                                                                • DestroyWindow.USER32 ref: 003F2B52
                                                                                                • GetDesktopWindow.USER32 ref: 003F2B6D
                                                                                                • GetWindowRect.USER32(00000000), ref: 003F2B74
                                                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 003F2CA3
                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 003F2CB1
                                                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2CF8
                                                                                                • GetClientRect.USER32(00000000,?), ref: 003F2D04
                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003F2D40
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2D62
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2D75
                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2D80
                                                                                                • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2D89
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2D98
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2DA1
                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2DA8
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 003F2DB3
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2DC5
                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0040FC38,00000000), ref: 003F2DDB
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 003F2DEB
                                                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 003F2E11
                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 003F2E30
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F2E52
                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003F303F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                • API String ID: 2211948467-2373415609
                                                                                                • Opcode ID: a1a8b57565c3eb32e9ff8029a53ec46ce666e52b09dfdd3ad19b24ef3dc63d21
                                                                                                • Instruction ID: c28fbdbd143c8152281c413c49d916f051866bed941532a8d83d22337e790c9c
                                                                                                • Opcode Fuzzy Hash: a1a8b57565c3eb32e9ff8029a53ec46ce666e52b09dfdd3ad19b24ef3dc63d21
                                                                                                • Instruction Fuzzy Hash: ED028E71500209EFDB15DFA4CD89EAE7BB9EF49710F108668F915AB2A1CB34AD01CF64
                                                                                                APIs
                                                                                                • SetTextColor.GDI32(?,00000000), ref: 0040712F
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00407160
                                                                                                • GetSysColor.USER32(0000000F), ref: 0040716C
                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 00407186
                                                                                                • SelectObject.GDI32(?,?), ref: 00407195
                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 004071C0
                                                                                                • GetSysColor.USER32(00000010), ref: 004071C8
                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 004071CF
                                                                                                • FrameRect.USER32(?,?,00000000), ref: 004071DE
                                                                                                • DeleteObject.GDI32(00000000), ref: 004071E5
                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00407230
                                                                                                • FillRect.USER32(?,?,?), ref: 00407262
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00407284
                                                                                                  • Part of subcall function 004073E8: GetSysColor.USER32(00000012), ref: 00407421
                                                                                                  • Part of subcall function 004073E8: SetTextColor.GDI32(?,?), ref: 00407425
                                                                                                  • Part of subcall function 004073E8: GetSysColorBrush.USER32(0000000F), ref: 0040743B
                                                                                                  • Part of subcall function 004073E8: GetSysColor.USER32(0000000F), ref: 00407446
                                                                                                  • Part of subcall function 004073E8: GetSysColor.USER32(00000011), ref: 00407463
                                                                                                  • Part of subcall function 004073E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00407471
                                                                                                  • Part of subcall function 004073E8: SelectObject.GDI32(?,00000000), ref: 00407482
                                                                                                  • Part of subcall function 004073E8: SetBkColor.GDI32(?,00000000), ref: 0040748B
                                                                                                  • Part of subcall function 004073E8: SelectObject.GDI32(?,?), ref: 00407498
                                                                                                  • Part of subcall function 004073E8: InflateRect.USER32(?,000000FF,000000FF), ref: 004074B7
                                                                                                  • Part of subcall function 004073E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004074CE
                                                                                                  • Part of subcall function 004073E8: GetWindowLongW.USER32(00000000,000000F0), ref: 004074DB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                • String ID:
                                                                                                • API String ID: 4124339563-0
                                                                                                • Opcode ID: 09bd4d4bcd7e65b77d485960a9ebdf3cf0f40fd9fbac4ee03ab2606a6ccc0a94
                                                                                                • Instruction ID: 5a0219a2844545f5472c85f21dba40617929a50c7b06e402a84b36353cf11fc4
                                                                                                • Opcode Fuzzy Hash: 09bd4d4bcd7e65b77d485960a9ebdf3cf0f40fd9fbac4ee03ab2606a6ccc0a94
                                                                                                • Instruction Fuzzy Hash: 75A1AF72408311FFD7009F60DD88E5B7BA9FB89320F100B29F962A61E1D735E944CB96
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(?,?), ref: 00388E14
                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 003C6AC5
                                                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 003C6AFE
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 003C6F43
                                                                                                  • Part of subcall function 00388F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00388BE8,?,00000000,?,?,?,?,00388BBA,00000000,?), ref: 00388FC5
                                                                                                • SendMessageW.USER32(?,00001053), ref: 003C6F7F
                                                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 003C6F96
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 003C6FAC
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 003C6FB7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                • String ID: 0
                                                                                                • API String ID: 2760611726-4108050209
                                                                                                • Opcode ID: 00e6b5a874eb2961b4165721f6c04d0e47e8494f6c5fa7bcbcc0bbf06b449003
                                                                                                • Instruction ID: 5d7aff4cfd00febeb795299a350f2b7a8131f3519a52b437666a696b0e83c07e
                                                                                                • Opcode Fuzzy Hash: 00e6b5a874eb2961b4165721f6c04d0e47e8494f6c5fa7bcbcc0bbf06b449003
                                                                                                • Instruction Fuzzy Hash: 1912BB34200211EFDB22DF24C985FAAB7E5FB49300F55856DE485DB661CB32EC92CB95
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(00000000), ref: 003F273E
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 003F286A
                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 003F28A9
                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 003F28B9
                                                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 003F2900
                                                                                                • GetClientRect.USER32(00000000,?), ref: 003F290C
                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 003F2955
                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 003F2964
                                                                                                • GetStockObject.GDI32(00000011), ref: 003F2974
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 003F2978
                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 003F2988
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003F2991
                                                                                                • DeleteDC.GDI32(00000000), ref: 003F299A
                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 003F29C6
                                                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 003F29DD
                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 003F2A1D
                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 003F2A31
                                                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 003F2A42
                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 003F2A77
                                                                                                • GetStockObject.GDI32(00000011), ref: 003F2A82
                                                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 003F2A8D
                                                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 003F2A97
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                • API String ID: 2910397461-517079104
                                                                                                • Opcode ID: 2f4f5e8735dbe891382164c8dfaeec376a86ec3b569a9dac567f7b4098141ed1
                                                                                                • Instruction ID: 2527da5dc622be26aaee47944e6df697338d539296fb9ba84997b1be980edc5e
                                                                                                • Opcode Fuzzy Hash: 2f4f5e8735dbe891382164c8dfaeec376a86ec3b569a9dac567f7b4098141ed1
                                                                                                • Instruction Fuzzy Hash: B0B15D75A40219EFEB14DF68CD85FAE7BA9EB09710F108215FA14EB2A0D774AD40CB94
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 003E4AED
                                                                                                • GetDriveTypeW.KERNEL32(?,0040CB68,?,\\.\,0040CC08), ref: 003E4BCA
                                                                                                • SetErrorMode.KERNEL32(00000000,0040CB68,?,\\.\,0040CC08), ref: 003E4D36
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$DriveType
                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                • API String ID: 2907320926-4222207086
                                                                                                • Opcode ID: 30740e8899a3e89d0ccd46c26ef35a025b42a3519adcd9445774ab61f9af6c20
                                                                                                • Instruction ID: fec868422ce7e6c6238522cfad895d29307914473605ce9e9a90f52e90443e75
                                                                                                • Opcode Fuzzy Hash: 30740e8899a3e89d0ccd46c26ef35a025b42a3519adcd9445774ab61f9af6c20
                                                                                                • Instruction Fuzzy Hash: D961E530601256BBCB16DF25C981A6977B4AB0C300F31D216F80AABAD5DB39ED41DB45
                                                                                                APIs
                                                                                                • GetSysColor.USER32(00000012), ref: 00407421
                                                                                                • SetTextColor.GDI32(?,?), ref: 00407425
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 0040743B
                                                                                                • GetSysColor.USER32(0000000F), ref: 00407446
                                                                                                • CreateSolidBrush.GDI32(?), ref: 0040744B
                                                                                                • GetSysColor.USER32(00000011), ref: 00407463
                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00407471
                                                                                                • SelectObject.GDI32(?,00000000), ref: 00407482
                                                                                                • SetBkColor.GDI32(?,00000000), ref: 0040748B
                                                                                                • SelectObject.GDI32(?,?), ref: 00407498
                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 004074B7
                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004074CE
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 004074DB
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0040752A
                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00407554
                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00407572
                                                                                                • DrawFocusRect.USER32(?,?), ref: 0040757D
                                                                                                • GetSysColor.USER32(00000011), ref: 0040758E
                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00407596
                                                                                                • DrawTextW.USER32(?,004070F5,000000FF,?,00000000), ref: 004075A8
                                                                                                • SelectObject.GDI32(?,?), ref: 004075BF
                                                                                                • DeleteObject.GDI32(?), ref: 004075CA
                                                                                                • SelectObject.GDI32(?,?), ref: 004075D0
                                                                                                • DeleteObject.GDI32(?), ref: 004075D5
                                                                                                • SetTextColor.GDI32(?,?), ref: 004075DB
                                                                                                • SetBkColor.GDI32(?,?), ref: 004075E5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                • String ID:
                                                                                                • API String ID: 1996641542-0
                                                                                                • Opcode ID: 53051bf594574dd6396c15eed651b559b379fb7e8d8d82bc2287d7f2a774b0b9
                                                                                                • Instruction ID: 249748302a50eb2bb577df7cbca854678750fe431ff7c9ccc24694f2bc19189e
                                                                                                • Opcode Fuzzy Hash: 53051bf594574dd6396c15eed651b559b379fb7e8d8d82bc2287d7f2a774b0b9
                                                                                                • Instruction Fuzzy Hash: 21615C76D00218FFDB019FA4DD89AEE7BB9EB09320F104225F911BB2E1D675A940CF94
                                                                                                APIs
                                                                                                • GetCursorPos.USER32(?), ref: 00401128
                                                                                                • GetDesktopWindow.USER32 ref: 0040113D
                                                                                                • GetWindowRect.USER32(00000000), ref: 00401144
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00401199
                                                                                                • DestroyWindow.USER32(?), ref: 004011B9
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 004011ED
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0040120B
                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0040121D
                                                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00401232
                                                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00401245
                                                                                                • IsWindowVisible.USER32(00000000), ref: 004012A1
                                                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 004012BC
                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 004012D0
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 004012E8
                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 0040130E
                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00401328
                                                                                                • CopyRect.USER32(?,?), ref: 0040133F
                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 004013AA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                • String ID: ($0$tooltips_class32
                                                                                                • API String ID: 698492251-4156429822
                                                                                                • Opcode ID: b6c487387bccca443c131a9de384e8a58ae91b041110afee308e8a233bc89e87
                                                                                                • Instruction ID: 4db00ff6455ac356d6b5aab77919bf3bb66ee534b4f427abb463aa0c2aa3352e
                                                                                                • Opcode Fuzzy Hash: b6c487387bccca443c131a9de384e8a58ae91b041110afee308e8a233bc89e87
                                                                                                • Instruction Fuzzy Hash: AEB1AA71604341AFD714DF64C984B6BBBE4FF89314F008A2DF999AB2A1C735E844CB96
                                                                                                APIs
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00388968
                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00388970
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0038899B
                                                                                                • GetSystemMetrics.USER32(00000008), ref: 003889A3
                                                                                                • GetSystemMetrics.USER32(00000004), ref: 003889C8
                                                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 003889E5
                                                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 003889F5
                                                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00388A28
                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00388A3C
                                                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00388A5A
                                                                                                • GetStockObject.GDI32(00000011), ref: 00388A76
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00388A81
                                                                                                  • Part of subcall function 0038912D: GetCursorPos.USER32(?), ref: 00389141
                                                                                                  • Part of subcall function 0038912D: ScreenToClient.USER32(00000000,?), ref: 0038915E
                                                                                                  • Part of subcall function 0038912D: GetAsyncKeyState.USER32(00000001), ref: 00389183
                                                                                                  • Part of subcall function 0038912D: GetAsyncKeyState.USER32(00000002), ref: 0038919D
                                                                                                • SetTimer.USER32(00000000,00000000,00000028,003890FC), ref: 00388AA8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                • String ID: AutoIt v3 GUI
                                                                                                • API String ID: 1458621304-248962490
                                                                                                • Opcode ID: 83c000e093dde1b2b7475b1841d1106c70b60c74c68dbea3fd0243b3c094d805
                                                                                                • Instruction ID: 8f078e55cc8b598429b978812ee1656cecf737e34692058e77b6e50a6a525053
                                                                                                • Opcode Fuzzy Hash: 83c000e093dde1b2b7475b1841d1106c70b60c74c68dbea3fd0243b3c094d805
                                                                                                • Instruction Fuzzy Hash: BCB18E75A00209EFDB15EF68CD85FAE3BB5FB48314F114229FA15EB290DB34A840CB54
                                                                                                APIs
                                                                                                  • Part of subcall function 003D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003D1114
                                                                                                  • Part of subcall function 003D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D1120
                                                                                                  • Part of subcall function 003D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D112F
                                                                                                  • Part of subcall function 003D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D1136
                                                                                                  • Part of subcall function 003D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003D114D
                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003D0DF5
                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003D0E29
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 003D0E40
                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 003D0E7A
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003D0E96
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 003D0EAD
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 003D0EB5
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 003D0EBC
                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003D0EDD
                                                                                                • CopySid.ADVAPI32(00000000), ref: 003D0EE4
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003D0F13
                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003D0F35
                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003D0F47
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003D0F6E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D0F75
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003D0F7E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D0F85
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003D0F8E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D0F95
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 003D0FA1
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D0FA8
                                                                                                  • Part of subcall function 003D1193: GetProcessHeap.KERNEL32(00000008,003D0BB1,?,00000000,?,003D0BB1,?), ref: 003D11A1
                                                                                                  • Part of subcall function 003D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,003D0BB1,?), ref: 003D11A8
                                                                                                  • Part of subcall function 003D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,003D0BB1,?), ref: 003D11B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                • String ID:
                                                                                                • API String ID: 4175595110-0
                                                                                                • Opcode ID: 6128424d90f2d888570fa8031e1c8495e9b619a0fca7e54a1dc252f958f85a7a
                                                                                                • Instruction ID: 27cc8081b18245b3f010d0ccec3e9db3af7c6eddfa990ce6906713072d12f969
                                                                                                • Opcode Fuzzy Hash: 6128424d90f2d888570fa8031e1c8495e9b619a0fca7e54a1dc252f958f85a7a
                                                                                                • Instruction Fuzzy Hash: FE715E7290020AEBDF259FA4ED48FEEBBBCBF04700F154226F959B6291D7719905CB60
                                                                                                APIs
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003FC4BD
                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,0040CC08,00000000,?,00000000,?,?), ref: 003FC544
                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 003FC5A4
                                                                                                • _wcslen.LIBCMT ref: 003FC5F4
                                                                                                • _wcslen.LIBCMT ref: 003FC66F
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 003FC6B2
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 003FC7C1
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 003FC84D
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 003FC881
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 003FC88E
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 003FC960
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                • API String ID: 9721498-966354055
                                                                                                • Opcode ID: 1a7b8691053004554a480646c4da87ff823afe644774c8c58c3e419be147977f
                                                                                                • Instruction ID: a386218a6d989b129820f5524cecf3a8cade6d23b400971cecb0eb74e8510b38
                                                                                                • Opcode Fuzzy Hash: 1a7b8691053004554a480646c4da87ff823afe644774c8c58c3e419be147977f
                                                                                                • Instruction Fuzzy Hash: AF127A352142049FD726DF14C981E2AB7E5FF89724F15885CF98A9B3A2DB35EC41CB81
                                                                                                APIs
                                                                                                • CharUpperBuffW.USER32(?,?), ref: 004009C6
                                                                                                • _wcslen.LIBCMT ref: 00400A01
                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00400A54
                                                                                                • _wcslen.LIBCMT ref: 00400A8A
                                                                                                • _wcslen.LIBCMT ref: 00400B06
                                                                                                • _wcslen.LIBCMT ref: 00400B81
                                                                                                  • Part of subcall function 0038F9F2: _wcslen.LIBCMT ref: 0038F9FD
                                                                                                  • Part of subcall function 003D2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003D2BFA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                • API String ID: 1103490817-4258414348
                                                                                                • Opcode ID: 762171f79155186b750d8c10cef0e3970e240428850d368fdc04d110d60244f1
                                                                                                • Instruction ID: 26537bcb6a87feec2c5c32059ef5b8e605aaa25c83262fe7aa7fc98056d3575d
                                                                                                • Opcode Fuzzy Hash: 762171f79155186b750d8c10cef0e3970e240428850d368fdc04d110d60244f1
                                                                                                • Instruction Fuzzy Hash: 90E1B1312083019FC725EF24C450A2AB7E1FF99314F14896EF8996B3A2D738ED45CB96
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                • API String ID: 1256254125-909552448
                                                                                                • Opcode ID: 49234329fa84b1bf98e2c64eabccc315411827bc5004f0335df78ba62f81b765
                                                                                                • Instruction ID: b1d7a42f8f1d146565351cdc43824ebcebec11711788300f3a3eb8e270fcd70c
                                                                                                • Opcode Fuzzy Hash: 49234329fa84b1bf98e2c64eabccc315411827bc5004f0335df78ba62f81b765
                                                                                                • Instruction Fuzzy Hash: 317134326A012E8BCF22DE3CCA415BE3395AF64750F226525FE569B284E735DD45C3A0
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 0040835A
                                                                                                • _wcslen.LIBCMT ref: 0040836E
                                                                                                • _wcslen.LIBCMT ref: 00408391
                                                                                                • _wcslen.LIBCMT ref: 004083B4
                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 004083F2
                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00405BF2), ref: 0040844E
                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00408487
                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 004084CA
                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00408501
                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040850D
                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0040851D
                                                                                                • DestroyIcon.USER32(?,?,?,?,?,00405BF2), ref: 0040852C
                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00408549
                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00408555
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                • String ID: .dll$.exe$.icl
                                                                                                • API String ID: 799131459-1154884017
                                                                                                • Opcode ID: 93c2b91e48ecb886318e3fcf96d075782c54751107596ecede9c3f658444b50c
                                                                                                • Instruction ID: 1206b88f5ca36cd8920b39e6650c1140bfddf5b708e04e6bb1fb476dc745c3ee
                                                                                                • Opcode Fuzzy Hash: 93c2b91e48ecb886318e3fcf96d075782c54751107596ecede9c3f658444b50c
                                                                                                • Instruction Fuzzy Hash: DC61F371500215FAEB14DF64CD81FBF77A8BB04B21F10462AF855EA1D1EB78A941CBA4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                • API String ID: 0-1645009161
                                                                                                • Opcode ID: fda45eb1c897c067680786bc04a35314235e6da193e86d1ad1bffbbaada3bb02
                                                                                                • Instruction ID: 9ef74b186200f0d027563ca87feb0cd7ee6ab270b8cf3bfc2070424e1465630d
                                                                                                • Opcode Fuzzy Hash: fda45eb1c897c067680786bc04a35314235e6da193e86d1ad1bffbbaada3bb02
                                                                                                • Instruction Fuzzy Hash: AA810571A04205BBDF37AF64CC82FBE37A8AF55300F118025F909AE596EB79D911C7A1
                                                                                                APIs
                                                                                                • CharLowerBuffW.USER32(?,?), ref: 003E3EF8
                                                                                                • _wcslen.LIBCMT ref: 003E3F03
                                                                                                • _wcslen.LIBCMT ref: 003E3F5A
                                                                                                • _wcslen.LIBCMT ref: 003E3F98
                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 003E3FD6
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003E401E
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003E4059
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003E4087
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                • API String ID: 1839972693-4113822522
                                                                                                • Opcode ID: 694b6a3d572a397757ea586de8cd6249260e1ba0e37ad592c5b7e89564cb7f1a
                                                                                                • Instruction ID: eb5f9fbc63a3c4fc82f78d2dae754692c68a4e5742960668e5977ed738863910
                                                                                                • Opcode Fuzzy Hash: 694b6a3d572a397757ea586de8cd6249260e1ba0e37ad592c5b7e89564cb7f1a
                                                                                                • Instruction Fuzzy Hash: B47134316042129FC721EF35C88196EB7F4EF98754F118A2DF4999B291EB34DD06CB51
                                                                                                APIs
                                                                                                • LoadIconW.USER32(00000063), ref: 003D5A2E
                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 003D5A40
                                                                                                • SetWindowTextW.USER32(?,?), ref: 003D5A57
                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 003D5A6C
                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 003D5A72
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 003D5A82
                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 003D5A88
                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 003D5AA9
                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 003D5AC3
                                                                                                • GetWindowRect.USER32(?,?), ref: 003D5ACC
                                                                                                • _wcslen.LIBCMT ref: 003D5B33
                                                                                                • SetWindowTextW.USER32(?,?), ref: 003D5B6F
                                                                                                • GetDesktopWindow.USER32 ref: 003D5B75
                                                                                                • GetWindowRect.USER32(00000000), ref: 003D5B7C
                                                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 003D5BD3
                                                                                                • GetClientRect.USER32(?,?), ref: 003D5BE0
                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 003D5C05
                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 003D5C2F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 895679908-0
                                                                                                • Opcode ID: 5cc857dcc7b3c26afd8690927009eff3511218ba33c7210e5ff3a807390dbe4e
                                                                                                • Instruction ID: 79e086e9bf647b13c0af72b0acf918dc473c07f744524da717ae3c73f49d7eae
                                                                                                • Opcode Fuzzy Hash: 5cc857dcc7b3c26afd8690927009eff3511218ba33c7210e5ff3a807390dbe4e
                                                                                                • Instruction Fuzzy Hash: 03719132900B05DFDB21DFA8DE85A6EBBF5FF48704F104A2AE142A76A0D775E940CB54
                                                                                                APIs
                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 003EFE27
                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 003EFE32
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 003EFE3D
                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 003EFE48
                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 003EFE53
                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 003EFE5E
                                                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 003EFE69
                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 003EFE74
                                                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 003EFE7F
                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 003EFE8A
                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 003EFE95
                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 003EFEA0
                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 003EFEAB
                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 003EFEB6
                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 003EFEC1
                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 003EFECC
                                                                                                • GetCursorInfo.USER32(?), ref: 003EFEDC
                                                                                                • GetLastError.KERNEL32 ref: 003EFF1E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                                                • String ID:
                                                                                                • API String ID: 3215588206-0
                                                                                                • Opcode ID: 8a232c274aee395c57e4185caea9478cdf395b5da978f8a388624cd9db87a5cb
                                                                                                • Instruction ID: 3b1e30bc9cf79b04b7b67693e1876aa35bef54db3824b231a4ee02521d6f61bd
                                                                                                • Opcode Fuzzy Hash: 8a232c274aee395c57e4185caea9478cdf395b5da978f8a388624cd9db87a5cb
                                                                                                • Instruction Fuzzy Hash: 3E415470D04359AEDB109FB68C8585EBFE8FF04754B50462AE11DEB281DB78A901CF91
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[C
                                                                                                APIs
                                                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 003900C6
                                                                                                  • Part of subcall function 003900ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0044070C,00000FA0,4093A063,?,?,?,?,003B23B3,000000FF), ref: 0039011C
                                                                                                  • Part of subcall function 003900ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,003B23B3,000000FF), ref: 00390127
                                                                                                  • Part of subcall function 003900ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,003B23B3,000000FF), ref: 00390138
                                                                                                  • Part of subcall function 003900ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0039014E
                                                                                                  • Part of subcall function 003900ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0039015C
                                                                                                  • Part of subcall function 003900ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0039016A
                                                                                                  • Part of subcall function 003900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00390195
                                                                                                  • Part of subcall function 003900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 003901A0
                                                                                                • ___scrt_fastfail.LIBCMT ref: 003900E7
                                                                                                  • Part of subcall function 003900A3: __onexit.LIBCMT ref: 003900A9
                                                                                                Strings
                                                                                                • InitializeConditionVariable, xrefs: 00390148
                                                                                                • kernel32.dll, xrefs: 00390133
                                                                                                • SleepConditionVariableCS, xrefs: 00390154
                                                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00390122
                                                                                                • WakeAllConditionVariable, xrefs: 00390162
                                                                                                Similarity
                                                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                APIs
                                                                                                • CharLowerBuffW.USER32(00000000,00000000,0040CC08), ref: 003E4527
                                                                                                • _wcslen.LIBCMT ref: 003E453B
                                                                                                • _wcslen.LIBCMT ref: 003E4599
                                                                                                • _wcslen.LIBCMT ref: 003E45F4
                                                                                                • _wcslen.LIBCMT ref: 003E463F
                                                                                                • _wcslen.LIBCMT ref: 003E46A7
                                                                                                  • Part of subcall function 0038F9F2: _wcslen.LIBCMT ref: 0038F9FD
                                                                                                • GetDriveTypeW.KERNEL32(?,00436BF0,00000061), ref: 003E4743
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00409147
                                                                                                  • Part of subcall function 00407674: ClientToScreen.USER32(?,?), ref: 0040769A
                                                                                                  • Part of subcall function 00407674: GetWindowRect.USER32(?,?), ref: 00407710
                                                                                                  • Part of subcall function 00407674: PtInRect.USER32(?,?,00408B89), ref: 00407720
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 004091B0
                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 004091BB
                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 004091DE
                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00409225
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 0040923E
                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00409255
                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00409277
                                                                                                • DragFinish.SHELL32(?), ref: 0040927E
                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00409371
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#D
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 003FB198
                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003FB1B0
                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003FB1D4
                                                                                                • _wcslen.LIBCMT ref: 003FB200
                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003FB214
                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003FB236
                                                                                                • _wcslen.LIBCMT ref: 003FB332
                                                                                                  • Part of subcall function 003E05A7: GetStdHandle.KERNEL32(000000F6), ref: 003E05C6
                                                                                                • _wcslen.LIBCMT ref: 003FB34B
                                                                                                • _wcslen.LIBCMT ref: 003FB366
                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003FB3B6
                                                                                                • GetLastError.KERNEL32(00000000), ref: 003FB407
                                                                                                • CloseHandle.KERNEL32(?), ref: 003FB439
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003FB44A
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003FB45C
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003FB46E
                                                                                                • CloseHandle.KERNEL32(?), ref: 003FB4E3
                                                                                                Similarity
                                                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • GetMenuItemCount.USER32(00441990), ref: 003B2F8D
                                                                                                • GetMenuItemCount.USER32(00441990), ref: 003B303D
                                                                                                • GetCursorPos.USER32(?), ref: 003B3081
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 003B308A
                                                                                                • TrackPopupMenuEx.USER32(00441990,00000000,?,00000000,00000000,00000000), ref: 003B309D
                                                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 003B30A9
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                • String ID: 0
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(00000000,?), ref: 00406DEB
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00406E5F
                                                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00406E81
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00406E94
                                                                                                • DestroyWindow.USER32(?), ref: 00406EB5
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00370000,00000000), ref: 00406EE4
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00406EFD
                                                                                                • GetDesktopWindow.USER32 ref: 00406F16
                                                                                                • GetWindowRect.USER32(00000000), ref: 00406F1D
                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00406F35
                                                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00406F4D
                                                                                                  • Part of subcall function 00389944: GetWindowLongW.USER32(?,000000EB), ref: 00389952
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                • String ID: 0$tooltips_class32
                                                                                                APIs
                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003EC4B0
                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 003EC4C3
                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 003EC4D7
                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 003EC4F0
                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 003EC533
                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 003EC549
                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003EC554
                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003EC584
                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 003EC5DC
                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 003EC5F0
                                                                                                • InternetCloseHandle.WININET(00000000), ref: 003EC5FB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                • String ID:
                                                                                                • API String ID: 3800310941-3916222277
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00408592
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004085A2
                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004085AD
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004085BA
                                                                                                • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004085C8
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004085D7
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004085E0
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004085E7
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004085F8
                                                                                                • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0040FC38,?), ref: 00408611
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00408621
                                                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00408641
                                                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00408671
                                                                                                • DeleteObject.GDI32(?), ref: 00408699
                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004086AF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                • String ID:
                                                                                                • API String ID: 3840717409-0
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(00000000), ref: 003E1502
                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 003E150B
                                                                                                • VariantClear.OLEAUT32(?), ref: 003E1517
                                                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 003E15FB
                                                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 003E1657
                                                                                                • VariantInit.OLEAUT32(?), ref: 003E1708
                                                                                                • SysFreeString.OLEAUT32(?), ref: 003E178C
                                                                                                • VariantClear.OLEAUT32(?), ref: 003E17D8
                                                                                                • VariantClear.OLEAUT32(?), ref: 003E17E7
                                                                                                • VariantInit.OLEAUT32(00000000), ref: 003E1823
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                • API String ID: 1234038744-3931177956
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003FB6AE,?,?), ref: 003FC9B5
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FC9F1
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FCA68
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FCA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003FB6F4
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003FB772
                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 003FB80A
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 003FB87E
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 003FB89C
                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 003FB8F2
                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003FB904
                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 003FB922
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 003FB983
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 003FB994
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                • API String ID: 146587525-4033151799
                                                                                                APIs
                                                                                                • GetDC.USER32(00000000), ref: 003F25D8
                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 003F25E8
                                                                                                • CreateCompatibleDC.GDI32(?), ref: 003F25F4
                                                                                                • SelectObject.GDI32(00000000,?), ref: 003F2601
                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 003F266D
                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 003F26AC
                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 003F26D0
                                                                                                • SelectObject.GDI32(?,?), ref: 003F26D8
                                                                                                • DeleteObject.GDI32(?), ref: 003F26E1
                                                                                                • DeleteDC.GDI32(?), ref: 003F26E8
                                                                                                • ReleaseDC.USER32(00000000,?), ref: 003F26F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                • String ID: (
                                                                                                • API String ID: 2598888154-3887548279
                                                                                                APIs
                                                                                                • ___free_lconv_mon.LIBCMT ref: 003ADAA1
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD659
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD66B
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD67D
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD68F
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD6A1
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD6B3
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD6C5
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD6D7
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD6E9
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD6FB
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD70D
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD71F
                                                                                                  • Part of subcall function 003AD63C: _free.LIBCMT ref: 003AD731
                                                                                                • _free.LIBCMT ref: 003ADA96
                                                                                                  • Part of subcall function 003A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000), ref: 003A29DE
                                                                                                  • Part of subcall function 003A29C8: GetLastError.KERNEL32(00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000,00000000), ref: 003A29F0
                                                                                                • _free.LIBCMT ref: 003ADAB8
                                                                                                • _free.LIBCMT ref: 003ADACD
                                                                                                • _free.LIBCMT ref: 003ADAD8
                                                                                                • _free.LIBCMT ref: 003ADAFA
                                                                                                • _free.LIBCMT ref: 003ADB0D
                                                                                                • _free.LIBCMT ref: 003ADB1B
                                                                                                • _free.LIBCMT ref: 003ADB26
                                                                                                • _free.LIBCMT ref: 003ADB5E
                                                                                                • _free.LIBCMT ref: 003ADB65
                                                                                                • _free.LIBCMT ref: 003ADB82
                                                                                                • _free.LIBCMT ref: 003ADB9A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                • String ID:
                                                                                                • API String ID: 161543041-0
                                                                                                APIs
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 003D369C
                                                                                                • _wcslen.LIBCMT ref: 003D36A7
                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 003D3797
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 003D380C
                                                                                                • GetDlgCtrlID.USER32(?), ref: 003D385D
                                                                                                • GetWindowRect.USER32(?,?), ref: 003D3882
                                                                                                • GetParent.USER32(?), ref: 003D38A0
                                                                                                • ScreenToClient.USER32(00000000), ref: 003D38A7
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 003D3921
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 003D395D
                                                                                                Similarity
                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                • String ID: %s%u
                                                                                                • API String ID: 4010501982-679674701
                                                                                                APIs
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 003D4994
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 003D49DA
                                                                                                • _wcslen.LIBCMT ref: 003D49EB
                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 003D49F7
                                                                                                • _wcsstr.LIBVCRUNTIME ref: 003D4A2C
                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 003D4A64
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 003D4A9D
                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 003D4AE6
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 003D4B20
                                                                                                • GetWindowRect.USER32(?,?), ref: 003D4B8B
                                                                                                Similarity
                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                • String ID: ThumbnailClass
                                                                                                • API String ID: 1311036022-1241985126
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00408D5A
                                                                                                • GetFocus.USER32 ref: 00408D6A
                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00408D75
                                                                                                • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00408E1D
                                                                                                • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00408ECF
                                                                                                • GetMenuItemCount.USER32(?), ref: 00408EEC
                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 00408EFC
                                                                                                • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00408F2E
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00408F70
                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00408FA1
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                • String ID: 0
                                                                                                • API String ID: 1026556194-4108050209
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(00441990,000000FF,00000000,00000030), ref: 003DBFAC
                                                                                                • SetMenuItemInfoW.USER32(00441990,00000004,00000000,00000030), ref: 003DBFE1
                                                                                                • Sleep.KERNEL32(000001F4), ref: 003DBFF3
                                                                                                • GetMenuItemCount.USER32(?), ref: 003DC039
                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 003DC056
                                                                                                • GetMenuItemID.USER32(?,-00000001), ref: 003DC082
                                                                                                • GetMenuItemID.USER32(?,?), ref: 003DC0C9
                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 003DC10F
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003DC124
                                                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003DC145
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                • String ID: 0
                                                                                                • API String ID: 1460738036-4108050209
                                                                                                APIs
                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 003FCC64
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 003FCC8D
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 003FCD48
                                                                                                  • Part of subcall function 003FCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 003FCCAA
                                                                                                  • Part of subcall function 003FCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 003FCCBD
                                                                                                  • Part of subcall function 003FCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003FCCCF
                                                                                                  • Part of subcall function 003FCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 003FCD05
                                                                                                  • Part of subcall function 003FCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 003FCD28
                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 003FCCF3
                                                                                                Similarity
                                                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                • API String ID: 2734957052-4033151799
                                                                                                APIs
                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 003E3D40
                                                                                                • _wcslen.LIBCMT ref: 003E3D6D
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 003E3D9D
                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 003E3DBE
                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 003E3DCE
                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 003E3E55
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003E3E60
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003E3E6B
                                                                                                Similarity
                                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                • String ID: :$\$\??\%s
                                                                                                • API String ID: 1149970189-3457252023
                                                                                                APIs
                                                                                                • timeGetTime.WINMM ref: 003DE6B4
                                                                                                  • Part of subcall function 0038E551: timeGetTime.WINMM(?,?,003DE6D4), ref: 0038E555
                                                                                                • Sleep.KERNEL32(0000000A), ref: 003DE6E1
                                                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 003DE705
                                                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 003DE727
                                                                                                • SetActiveWindow.USER32 ref: 003DE746
                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 003DE754
                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 003DE773
                                                                                                • Sleep.KERNEL32(000000FA), ref: 003DE77E
                                                                                                • IsWindow.USER32 ref: 003DE78A
                                                                                                • EndDialog.USER32(00000000), ref: 003DE79B
                                                                                                Similarity
                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                • String ID: BUTTON
                                                                                                • API String ID: 1194449130-3405671355
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 003DEA5D
                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 003DEA73
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003DEA84
                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 003DEA96
                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 003DEAA7
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: SendString$_wcslen
                                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                • API String ID: 2420728520-1007645807
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?), ref: 003DA012
                                                                                                • SetKeyboardState.USER32(?), ref: 003DA07D
                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 003DA09D
                                                                                                • GetKeyState.USER32(000000A0), ref: 003DA0B4
                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 003DA0E3
                                                                                                • GetKeyState.USER32(000000A1), ref: 003DA0F4
                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 003DA120
                                                                                                • GetKeyState.USER32(00000011), ref: 003DA12E
                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 003DA157
                                                                                                • GetKeyState.USER32(00000012), ref: 003DA165
                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 003DA18E
                                                                                                • GetKeyState.USER32(0000005B), ref: 003DA19C
                                                                                                Similarity
                                                                                                • API ID: State$Async$Keyboard
                                                                                                • String ID:
                                                                                                • API String ID: 541375521-0
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,00000001), ref: 003D5CE2
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 003D5CFB
                                                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 003D5D59
                                                                                                • GetDlgItem.USER32(?,00000002), ref: 003D5D69
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 003D5D7B
                                                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 003D5DCF
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 003D5DDD
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 003D5DEF
                                                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 003D5E31
                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 003D5E44
                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 003D5E5A
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 003D5E67
                                                                                                Similarity
                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                • String ID:
                                                                                                • API String ID: 3096461208-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00388F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00388BE8,?,00000000,?,?,?,?,00388BBA,00000000,?), ref: 00388FC5
                                                                                                • DestroyWindow.USER32(?), ref: 00388C81
                                                                                                • KillTimer.USER32(00000000,?,?,?,?,00388BBA,00000000,?), ref: 00388D1B
                                                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 003C6973
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00388BBA,00000000,?), ref: 003C69A1
                                                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00388BBA,00000000,?), ref: 003C69B8
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00388BBA,00000000), ref: 003C69D4
                                                                                                • DeleteObject.GDI32(00000000), ref: 003C69E6
                                                                                                Similarity
                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                • String ID:
                                                                                                • API String ID: 641708696-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00389944: GetWindowLongW.USER32(?,000000EB), ref: 00389952
                                                                                                • GetSysColor.USER32(0000000F), ref: 00389862
                                                                                                Similarity
                                                                                                • API ID: ColorLongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 259745315-0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: .9
                                                                                                • API String ID: 0-4137932486
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,003BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 003D9717
                                                                                                • LoadStringW.USER32(00000000,?,003BF7F8,00000001), ref: 003D9720
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,003BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 003D9742
                                                                                                • LoadStringW.USER32(00000000,?,003BF7F8,00000001), ref: 003D9745
                                                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 003D9866
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                • API String ID: 747408836-2268648507
                                                                                                APIs
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 003D07A2
                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 003D07BE
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 003D07DA
                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 003D0804
                                                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 003D082C
                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003D0837
                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003D083C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                • API String ID: 323675364-22481851
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 003F3C5C
                                                                                                • CoInitialize.OLE32(00000000), ref: 003F3C8A
                                                                                                • CoUninitialize.OLE32 ref: 003F3C94
                                                                                                • _wcslen.LIBCMT ref: 003F3D2D
                                                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 003F3DB1
                                                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 003F3ED5
                                                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 003F3F0E
                                                                                                • CoGetObject.OLE32(?,00000000,0040FB98,?), ref: 003F3F2D
                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 003F3F40
                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 003F3FC4
                                                                                                • VariantClear.OLEAUT32(?), ref: 003F3FD8
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 429561992-0
                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000), ref: 003E7AF3
                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 003E7B8F
                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 003E7BA3
                                                                                                • CoCreateInstance.OLE32(0040FD08,00000000,00000001,00436E6C,?), ref: 003E7BEF
                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 003E7C74
                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 003E7CCC
                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 003E7D57
                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 003E7D7A
                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 003E7D81
                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 003E7DD6
                                                                                                • CoUninitialize.OLE32 ref: 003E7DDC
                                                                                                Similarity
                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                • String ID:
                                                                                                • API String ID: 2762341140-0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00405504
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405515
                                                                                                • CharNextW.USER32(00000158), ref: 00405544
                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00405585
                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0040559B
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004055AC
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CharNext
                                                                                                • String ID:
                                                                                                • API String ID: 1350042424-0
                                                                                                APIs
                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 003CFAAF
                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 003CFB08
                                                                                                • VariantInit.OLEAUT32(?), ref: 003CFB1A
                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 003CFB3A
                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 003CFB8D
                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 003CFBA1
                                                                                                • VariantClear.OLEAUT32(?), ref: 003CFBB6
                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 003CFBC3
                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003CFBCC
                                                                                                • VariantClear.OLEAUT32(?), ref: 003CFBDE
                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003CFBE9
                                                                                                Similarity
                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                • String ID:
                                                                                                • API String ID: 2706829360-0
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?), ref: 003D9CA1
                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 003D9D22
                                                                                                • GetKeyState.USER32(000000A0), ref: 003D9D3D
                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 003D9D57
                                                                                                • GetKeyState.USER32(000000A1), ref: 003D9D6C
                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 003D9D84
                                                                                                • GetKeyState.USER32(00000011), ref: 003D9D96
                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 003D9DAE
                                                                                                • GetKeyState.USER32(00000012), ref: 003D9DC0
                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 003D9DD8
                                                                                                • GetKeyState.USER32(0000005B), ref: 003D9DEA
                                                                                                Similarity
                                                                                                • API ID: State$Async$Keyboard
                                                                                                • String ID:
                                                                                                • API String ID: 541375521-0
                                                                                                APIs
                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 003F05BC
                                                                                                • inet_addr.WSOCK32(?), ref: 003F061C
                                                                                                • gethostbyname.WSOCK32(?), ref: 003F0628
                                                                                                • IcmpCreateFile.IPHLPAPI ref: 003F0636
                                                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 003F06C6
                                                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 003F06E5
                                                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 003F07B9
                                                                                                • WSACleanup.WSOCK32 ref: 003F07BF
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                • String ID: Ping
                                                                                                • API String ID: 1028309954-2246546115
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharLower
                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                • API String ID: 707087890-567219261
                                                                                                • Opcode ID: c2336c11ed72d2702c7bcc70200da103ba057b5c66e65fd4c51b33841f5e4153
                                                                                                • Instruction ID: ad3c71b6a7e2933bef4ff58e23c2baedc41853a5ecc271ecb9b8bcab00389a0d
                                                                                                • Opcode Fuzzy Hash: c2336c11ed72d2702c7bcc70200da103ba057b5c66e65fd4c51b33841f5e4153
                                                                                                • Instruction Fuzzy Hash: 2F51D532A0051A9BCF2ADF6CC9519BEB3A5BF74324B214229F656EB2C0DB34DD41C790
                                                                                                APIs
                                                                                                • CoInitialize.OLE32 ref: 003F3774
                                                                                                • CoUninitialize.OLE32 ref: 003F377F
                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,0040FB78,?), ref: 003F37D9
                                                                                                • IIDFromString.OLE32(?,?), ref: 003F384C
                                                                                                • VariantInit.OLEAUT32(?), ref: 003F38E4
                                                                                                • VariantClear.OLEAUT32(?), ref: 003F3936
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                • API String ID: 636576611-1287834457
                                                                                                • Opcode ID: da08f6fa8afa0f5db806ab8eb9f2923b27363486e3f333309cdcb7614bc5b0f1
                                                                                                • Instruction ID: cbd9a35f5733d5cddfa3f34534be3438847fabca8c61d1b164b3710b6292792f
                                                                                                • Opcode Fuzzy Hash: da08f6fa8afa0f5db806ab8eb9f2923b27363486e3f333309cdcb7614bc5b0f1
                                                                                                • Instruction Fuzzy Hash: E561B171608305EFD312EF54C888F6AB7E8EF49750F104919FA859B291C774EE48CB96
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                  • Part of subcall function 0038912D: GetCursorPos.USER32(?), ref: 00389141
                                                                                                  • Part of subcall function 0038912D: ScreenToClient.USER32(00000000,?), ref: 0038915E
                                                                                                  • Part of subcall function 0038912D: GetAsyncKeyState.USER32(00000001), ref: 00389183
                                                                                                  • Part of subcall function 0038912D: GetAsyncKeyState.USER32(00000002), ref: 0038919D
                                                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00408B6B
                                                                                                • ImageList_EndDrag.COMCTL32 ref: 00408B71
                                                                                                • ReleaseCapture.USER32 ref: 00408B77
                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00408C12
                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00408C25
                                                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00408CFF
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#D
                                                                                                • API String ID: 1924731296-221686180
                                                                                                • Opcode ID: b99af7b3112cfa9af36691ea855225076a37b777cfdbd7d63350738fccf039a9
                                                                                                • Instruction ID: b50799368a3c7b0dea42228e5ce179946a88654e5466a0fecdac73caf9f7feaa
                                                                                                • Opcode Fuzzy Hash: b99af7b3112cfa9af36691ea855225076a37b777cfdbd7d63350738fccf039a9
                                                                                                • Instruction Fuzzy Hash: B151B174104304AFE711EF20CD95FAA77E4FB88714F000A2EF9966B2E1CB749944CB66
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 003E33CF
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 003E33F0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: LoadString$_wcslen
                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                • API String ID: 4099089115-3080491070
                                                                                                • Opcode ID: d6b96d69be491ff3e2aab969a436fa87e364ad3a76f6ad2e29a3959e112e3264
                                                                                                • Instruction ID: f3af80cf37e7ddc283c71d172f12687bd57ec4b599d2cdc8febe4551ef717b14
                                                                                                • Opcode Fuzzy Hash: d6b96d69be491ff3e2aab969a436fa87e364ad3a76f6ad2e29a3959e112e3264
                                                                                                • Instruction Fuzzy Hash: FE51B531900119BADF26EBA0CD56EEEB378AF15300F208162F509771A1DB352F58DF61
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                • API String ID: 1256254125-769500911
                                                                                                • Opcode ID: 0fa19cee4f0fa55e55865b166ddac45f83893b658e39fdf4aff66db33b19c3d4
                                                                                                • Instruction ID: 3414c500720fe4fa208556abc12b4d0cb17b9a7f557c86024e3c1701943f3f39
                                                                                                • Opcode Fuzzy Hash: 0fa19cee4f0fa55e55865b166ddac45f83893b658e39fdf4aff66db33b19c3d4
                                                                                                • Instruction Fuzzy Hash: AD41B233A00026DACB216F7D98905BEF7A5AFA4B54B27422BE421DB384E735CD81C790
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 003E53A0
                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 003E5416
                                                                                                • GetLastError.KERNEL32 ref: 003E5420
                                                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 003E54A7
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                • API String ID: 4194297153-14809454
                                                                                                • Opcode ID: 5aef2ab476e22fa3d2958fcf20d9ce925dd9640bcb37317179df0174228085ba
                                                                                                • Instruction ID: 1ea9fffc2825ed6e2699d6a26dfb2f2b44f059eafedc8d18b7760863136b6938
                                                                                                • Opcode Fuzzy Hash: 5aef2ab476e22fa3d2958fcf20d9ce925dd9640bcb37317179df0174228085ba
                                                                                                • Instruction Fuzzy Hash: C431AE35A00155AFCB12DF6AC484AAABBB4EB04309F15C26AE405DF2D2DB74DD86CF90
                                                                                                APIs
                                                                                                • CreateMenu.USER32 ref: 00403C79
                                                                                                • SetMenu.USER32(?,00000000), ref: 00403C88
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00403D10
                                                                                                • IsMenu.USER32(?), ref: 00403D24
                                                                                                • CreatePopupMenu.USER32 ref: 00403D2E
                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00403D5B
                                                                                                • DrawMenuBar.USER32 ref: 00403D63
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                • String ID: 0$F
                                                                                                • API String ID: 161812096-3044882817
                                                                                                • Opcode ID: 5e21cda6480fdfaf2fb6ca1eac7295853344165907e975048dee1cf7af7835c9
                                                                                                • Instruction ID: 542b81f7a75c4dbbf11c5ef5d3656bf68cfe795cca4464c08a876345ad366660
                                                                                                • Opcode Fuzzy Hash: 5e21cda6480fdfaf2fb6ca1eac7295853344165907e975048dee1cf7af7835c9
                                                                                                • Instruction Fuzzy Hash: 01417C79A01209EFDB14CF64D884EAA7BB9FF49351F140139F946A73A0D734AA10DF98
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003D3CCA
                                                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 003D1F64
                                                                                                • GetDlgCtrlID.USER32 ref: 003D1F6F
                                                                                                • GetParent.USER32 ref: 003D1F8B
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 003D1F8E
                                                                                                • GetDlgCtrlID.USER32(?), ref: 003D1F97
                                                                                                • GetParent.USER32(?), ref: 003D1FAB
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 003D1FAE
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 711023334-1403004172
                                                                                                • Opcode ID: e1ca37b5a427b1cb3520f495d509bd96dc328649c5344c30480c45b092d8a56b
                                                                                                • Instruction ID: e34478ab8acf6923f8e0d5ca15808d9bd2ef0fe583504c9536dfa608531a2ac8
                                                                                                • Opcode Fuzzy Hash: e1ca37b5a427b1cb3520f495d509bd96dc328649c5344c30480c45b092d8a56b
                                                                                                • Instruction Fuzzy Hash: F0210471A00214BBCF12AFA0DC85EEEBBBCEF05300F104656F965A7291CB395908DB64
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00403A9D
                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00403AA0
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00403AC7
                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403AEA
                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00403B62
                                                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00403BAC
                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00403BC7
                                                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00403BE2
                                                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00403BF6
                                                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00403C13
                                                                                                Similarity
                                                                                                • API ID: MessageSend$LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 312131281-0
                                                                                                • Opcode ID: df78ba890356822130437ad5e583627d6aad9e7564ad5e4c89ab36dbecab6ab6
                                                                                                • Instruction ID: 75515ef7cfc9c90fea3ef2c068329cadfecb62596ba073bb25218c72c349af88
                                                                                                • Opcode Fuzzy Hash: df78ba890356822130437ad5e583627d6aad9e7564ad5e4c89ab36dbecab6ab6
                                                                                                • Instruction Fuzzy Hash: A3618B75900248AFDB10DF68CC81EEE77B8EB49304F1001AAFA05E72E2D774AE81DB54
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 003DB151
                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,003DA1E1,?,00000001), ref: 003DB165
                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 003DB16C
                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003DA1E1,?,00000001), ref: 003DB17B
                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 003DB18D
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,003DA1E1,?,00000001), ref: 003DB1A6
                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003DA1E1,?,00000001), ref: 003DB1B8
                                                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,003DA1E1,?,00000001), ref: 003DB1FD
                                                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,003DA1E1,?,00000001), ref: 003DB212
                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,003DA1E1,?,00000001), ref: 003DB21D
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                • String ID:
                                                                                                • API String ID: 2156557900-0
                                                                                                • Opcode ID: 34f45136e27563a83d3b862ce297cdba6c26602810ea888ce789cb417ab7f06b
                                                                                                • Instruction ID: 1b982e9341ad1b2443919700605e2cceaab63c1b3d96bf315655caa016b4a6e7
                                                                                                • Opcode Fuzzy Hash: 34f45136e27563a83d3b862ce297cdba6c26602810ea888ce789cb417ab7f06b
                                                                                                • Instruction Fuzzy Hash: 9B31D477500204FFDB229F24FC84F6DBB79BB11756F124626F900D6250C77099048F28
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 003A2C94
                                                                                                  • Part of subcall function 003A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000), ref: 003A29DE
                                                                                                  • Part of subcall function 003A29C8: GetLastError.KERNEL32(00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000,00000000), ref: 003A29F0
                                                                                                • _free.LIBCMT ref: 003A2CA0
                                                                                                • _free.LIBCMT ref: 003A2CAB
                                                                                                • _free.LIBCMT ref: 003A2CB6
                                                                                                • _free.LIBCMT ref: 003A2CC1
                                                                                                • _free.LIBCMT ref: 003A2CCC
                                                                                                • _free.LIBCMT ref: 003A2CD7
                                                                                                • _free.LIBCMT ref: 003A2CE2
                                                                                                • _free.LIBCMT ref: 003A2CED
                                                                                                • _free.LIBCMT ref: 003A2CFB
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: c110f58ab37b1fed8a869d2c1697d22602d553a5114494f9b543b422f634af0c
                                                                                                • Instruction ID: 6680ce2b7b8f6510e1632c3b576e71ec687b4810a9565c980ac1c3050eb027f0
                                                                                                • Opcode Fuzzy Hash: c110f58ab37b1fed8a869d2c1697d22602d553a5114494f9b543b422f634af0c
                                                                                                • Instruction Fuzzy Hash: 73119676100108AFCB42EF58D846CDE3BA5FF06750F4144A9FA485F222D731EA609B91
                                                                                                APIs
                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003E7FAD
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 003E7FC1
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 003E7FEB
                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 003E8005
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 003E8017
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 003E8060
                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003E80B0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                • String ID: *.*
                                                                                                • API String ID: 769691225-438819550
                                                                                                • Opcode ID: 44eb3f61164961949fd8f80fe08260db912b9e821bc1c65bfae97f684ea9f09c
                                                                                                • Instruction ID: c4f793219cac9bed49b6140e187f66751e28cc58b8c175c3eece2ea5ce61dae1
                                                                                                • Opcode Fuzzy Hash: 44eb3f61164961949fd8f80fe08260db912b9e821bc1c65bfae97f684ea9f09c
                                                                                                • Instruction Fuzzy Hash: 1081C4715182919BCB26DF15C480AAEB3D8BFC5310F154E5EF889DB290EB34DD45CB52
                                                                                                APIs
                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00375C7A
                                                                                                  • Part of subcall function 00375D0A: GetClientRect.USER32(?,?), ref: 00375D30
                                                                                                  • Part of subcall function 00375D0A: GetWindowRect.USER32(?,?), ref: 00375D71
                                                                                                  • Part of subcall function 00375D0A: ScreenToClient.USER32(?,?), ref: 00375D99
                                                                                                • GetDC.USER32 ref: 003B46F5
                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 003B4708
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 003B4716
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 003B472B
                                                                                                • ReleaseDC.USER32(?,00000000), ref: 003B4733
                                                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 003B47C4
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                • String ID: U
                                                                                                • API String ID: 4009187628-3372436214
                                                                                                • Opcode ID: ca59e35c7145d34b1acb1d471fcadd39f939609dc44ec7490fc66f544ce9ed9e
                                                                                                • Instruction ID: ad61989a8d6221bfee9ccb6b5d991c2111d343666444e792104dbd6cf0b966e2
                                                                                                • Opcode Fuzzy Hash: ca59e35c7145d34b1acb1d471fcadd39f939609dc44ec7490fc66f544ce9ed9e
                                                                                                • Instruction Fuzzy Hash: 0C710134400205DFCF278F64C986AFA3BB5FF4A318F144269EE655A6A7CB318881DF54
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 003E35E4
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • LoadStringW.USER32(00442390,?,00000FFF,?), ref: 003E360A
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: LoadString$_wcslen
                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                • API String ID: 4099089115-2391861430
                                                                                                • Opcode ID: 2b346d2cacb043163355c6c9339fe2941673dfc9fbeff15a6eeb4750bd3ec3e4
                                                                                                • Instruction ID: 6f4e7e234f08478663725bc6e295cee8f651dcf8e1a4994bf8d45db0ff7d97e8
                                                                                                • Opcode Fuzzy Hash: 2b346d2cacb043163355c6c9339fe2941673dfc9fbeff15a6eeb4750bd3ec3e4
                                                                                                • Instruction Fuzzy Hash: 8C51B47180011ABADF26EBA0CC46EEDBB74AF14300F148226F509771A1DB341B98DF55
                                                                                                APIs
                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003EC272
                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003EC29A
                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003EC2CA
                                                                                                • GetLastError.KERNEL32 ref: 003EC322
                                                                                                • SetEvent.KERNEL32(?), ref: 003EC336
                                                                                                • InternetCloseHandle.WININET(00000000), ref: 003EC341
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                • String ID:
                                                                                                • API String ID: 3113390036-3916222277
                                                                                                • Opcode ID: 02c55f62d2f7156e46d54ba768dde146fb365018aaf4e2241b04423fe2df7399
                                                                                                • Instruction ID: 8eb64508829048106622e3977bbc9db5e3f27dbd0fc8d52f22707a8f98eac6bf
                                                                                                • Opcode Fuzzy Hash: 02c55f62d2f7156e46d54ba768dde146fb365018aaf4e2241b04423fe2df7399
                                                                                                • Instruction Fuzzy Hash: 0131C275510254AFD7229F668D84AAF7BFCEB49740F04962DF446E7280DB34DD068B60
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,003B3AAF,?,?,Bad directive syntax error,0040CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 003D98BC
                                                                                                • LoadStringW.USER32(00000000,?,003B3AAF,?), ref: 003D98C3
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 003D9987
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                • API String ID: 858772685-4153970271
                                                                                                • Opcode ID: ff0b0a0dda97801ce47fd177bf30e8aeacf4fcf2fb353a6e5d931ce20a7f81f2
                                                                                                • Instruction ID: 874b849ddc12f44fe08694611ab7b8f8102efe3f2b5798420188868b91ed269b
                                                                                                • Opcode Fuzzy Hash: ff0b0a0dda97801ce47fd177bf30e8aeacf4fcf2fb353a6e5d931ce20a7f81f2
                                                                                                • Instruction Fuzzy Hash: 30215E3290021ABBDF22AF90CC56FED7779BF18300F048466B5196A0A1DB359618DB55
                                                                                                APIs
                                                                                                • GetParent.USER32 ref: 003D20AB
                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 003D20C0
                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 003D214D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                • API String ID: 1290815626-3381328864
                                                                                                • Opcode ID: 9016258901c10d36a8d5d09252468bf04374695e39b24f98aaebfaef6ce6efa1
                                                                                                • Instruction ID: 8ecc514b5bbd49bfc99afbf0f0a03ff0a091eb581debd5605110a881e6e48ec4
                                                                                                • Opcode Fuzzy Hash: 9016258901c10d36a8d5d09252468bf04374695e39b24f98aaebfaef6ce6efa1
                                                                                                • Instruction Fuzzy Hash: 36110677688706B9FA132220EC07DA7779CCF28724F215227FB04A92D1EE6568565618
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                • String ID:
                                                                                                • API String ID: 1282221369-0
                                                                                                • Opcode ID: c8f5cd4461aef749bdba16a94dae49694ae425aaede8e69b7bb703823821c72a
                                                                                                • Instruction ID: 919bb7c63df423a714236a61f366e4ff3dceaa540981524980bcad4b531c0195
                                                                                                • Opcode Fuzzy Hash: c8f5cd4461aef749bdba16a94dae49694ae425aaede8e69b7bb703823821c72a
                                                                                                • Instruction Fuzzy Hash: F96148B2904300AFDF27AFB89885A6A7BA9EF07360F05417DFA55AB281D7319D01C791
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00405186
                                                                                                • ShowWindow.USER32(?,00000000), ref: 004051C7
                                                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 004051CD
                                                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 004051D1
                                                                                                  • Part of subcall function 00406FBA: DeleteObject.GDI32(00000000), ref: 00406FE6
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0040520D
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040521A
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0040524D
                                                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00405287
                                                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00405296
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                • String ID:
                                                                                                • API String ID: 3210457359-0
                                                                                                • Opcode ID: bcf22de8279fe8f14829b66e7edbf6583a0bd86b6d33eb40bdd1d630d80a4ffd
                                                                                                • Instruction ID: a19c20abbbe892092fa961006772d22572598fb10b425e1b3ddcfb8d47aa53a3
                                                                                                • Opcode Fuzzy Hash: bcf22de8279fe8f14829b66e7edbf6583a0bd86b6d33eb40bdd1d630d80a4ffd
                                                                                                • Instruction Fuzzy Hash: B6518D30A40A08FEEF20AF24CC49B9B3B65EF05325F144167F615BA2E0C779A990DF49
                                                                                                APIs
                                                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 003C6890
                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 003C68A9
                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 003C68B9
                                                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 003C68D1
                                                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 003C68F2
                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00388874,00000000,00000000,00000000,000000FF,00000000), ref: 003C6901
                                                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 003C691E
                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00388874,00000000,00000000,00000000,000000FF,00000000), ref: 003C692D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 1268354404-0
                                                                                                • Opcode ID: 4e929c23da394e793b4676d1990daf5da177d666bfcc7f908575d95a7298e962
                                                                                                • Instruction ID: 5683a4f2309f211a344b7656138efee08731a264a0292527298f457f92249596
                                                                                                • Opcode Fuzzy Hash: 4e929c23da394e793b4676d1990daf5da177d666bfcc7f908575d95a7298e962
                                                                                                • Instruction Fuzzy Hash: FA514974600305EFDB229F24CC96FAA7BA5EB88750F104668F916E62A0DB70AD91DB50
                                                                                                APIs
                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003EC182
                                                                                                • GetLastError.KERNEL32 ref: 003EC195
                                                                                                • SetEvent.KERNEL32(?), ref: 003EC1A9
                                                                                                  • Part of subcall function 003EC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003EC272
                                                                                                  • Part of subcall function 003EC253: GetLastError.KERNEL32 ref: 003EC322
                                                                                                  • Part of subcall function 003EC253: SetEvent.KERNEL32(?), ref: 003EC336
                                                                                                  • Part of subcall function 003EC253: InternetCloseHandle.WININET(00000000), ref: 003EC341
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                • String ID:
                                                                                                • API String ID: 337547030-0
                                                                                                • Opcode ID: fc3b8b56af3378a7d3f8ca99db1ca416fe9da2da683dab7ae1561d2b7379e911
                                                                                                • Instruction ID: fdd2082253043e6c6e1a6cfc075744bc8f1b26f5dd3dd05607c95c6101815d94
                                                                                                • Opcode Fuzzy Hash: fc3b8b56af3378a7d3f8ca99db1ca416fe9da2da683dab7ae1561d2b7379e911
                                                                                                • Instruction Fuzzy Hash: FE31E170110691EFCB229FA6DD44A6ABBF9FF18300B005A2DFA5693650C730E812DBA0
                                                                                                APIs
                                                                                                  • Part of subcall function 003D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003D3A57
                                                                                                  • Part of subcall function 003D3A3D: GetCurrentThreadId.KERNEL32 ref: 003D3A5E
                                                                                                  • Part of subcall function 003D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003D25B3), ref: 003D3A65
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 003D25BD
                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 003D25DB
                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 003D25DF
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 003D25E9
                                                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 003D2601
                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 003D2605
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 003D260F
                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 003D2623
                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 003D2627
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2014098862-0
                                                                                                • Opcode ID: 18443dab2d5f04feac483eed1c30944f8c6f4eb239e1303ce2a4137c8c9a989b
                                                                                                • Instruction ID: 4e224787edd644bcbd4f7b5d62c8aec09925cb2a115cf3484ba7d7979a8064de
                                                                                                • Opcode Fuzzy Hash: 18443dab2d5f04feac483eed1c30944f8c6f4eb239e1303ce2a4137c8c9a989b
                                                                                                • Instruction Fuzzy Hash: 1001B531790210BBFB2067689CCAF593E59DB5AB11F100112F354AE1D1C9F254448AAA
                                                                                                APIs
                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,003D1449,?,?,00000000), ref: 003D180C
                                                                                                • HeapAlloc.KERNEL32(00000000,?,003D1449,?,?,00000000), ref: 003D1813
                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003D1449,?,?,00000000), ref: 003D1828
                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,003D1449,?,?,00000000), ref: 003D1830
                                                                                                • DuplicateHandle.KERNEL32(00000000,?,003D1449,?,?,00000000), ref: 003D1833
                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003D1449,?,?,00000000), ref: 003D1843
                                                                                                • GetCurrentProcess.KERNEL32(003D1449,00000000,?,003D1449,?,?,00000000), ref: 003D184B
                                                                                                • DuplicateHandle.KERNEL32(00000000,?,003D1449,?,?,00000000), ref: 003D184E
                                                                                                • CreateThread.KERNEL32(00000000,00000000,003D1874,00000000,00000000,00000000), ref: 003D1868
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                • String ID:
                                                                                                • API String ID: 1957940570-0
                                                                                                • Opcode ID: 01b52fb17eafebd91a9990a5ef58ba1cf054bec9858e8689a186f3b4f7868489
                                                                                                • Instruction ID: 5458e197309884f3e31f36601b3dd4e5af3049f245d4629ba2fc4a3201304bbb
                                                                                                • Opcode Fuzzy Hash: 01b52fb17eafebd91a9990a5ef58ba1cf054bec9858e8689a186f3b4f7868489
                                                                                                • Instruction Fuzzy Hash: 4001AC75240304FFE610AB75DD89F573B6CEB89B11F004521FA05DB191C6709C00CF24
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                • String ID: }}9$}}9$}}9
                                                                                                • API String ID: 1036877536-2197259215
                                                                                                • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                • Instruction ID: 18abd3eaa7ba4311f33f902e0b0c6d9cec4cb3b2d13b8e93d33472eccbdb4034
                                                                                                • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                • Instruction Fuzzy Hash: 59A14872E103869FDB27CF18C8917AEFBE4EFA3350F19416DE5959B281C2B88981C750
                                                                                                APIs
                                                                                                  • Part of subcall function 003DD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 003DD501
                                                                                                  • Part of subcall function 003DD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 003DD50F
                                                                                                  • Part of subcall function 003DD4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 003DD5DC
                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003FA16D
                                                                                                • GetLastError.KERNEL32 ref: 003FA180
                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003FA1B3
                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 003FA268
                                                                                                • GetLastError.KERNEL32(00000000), ref: 003FA273
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003FA2C4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                                                • String ID: SeDebugPrivilege
                                                                                                • API String ID: 1701285019-2896544425
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00403925
                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0040393A
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00403954
                                                                                                • _wcslen.LIBCMT ref: 00403999
                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 004039C6
                                                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 004039F4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window_wcslen
                                                                                                • String ID: SysListView32
                                                                                                • API String ID: 2147712094-78025650
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003DBCFD
                                                                                                • IsMenu.USER32(00000000), ref: 003DBD1D
                                                                                                • CreatePopupMenu.USER32 ref: 003DBD53
                                                                                                • GetMenuItemCount.USER32(00DC5968), ref: 003DBDA4
                                                                                                • InsertMenuItemW.USER32(00DC5968,?,00000001,00000030), ref: 003DBDCC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                • String ID: 0$2
                                                                                                • API String ID: 93392585-3793063076
                                                                                                APIs
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00392D4B
                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00392D53
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00392DE1
                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00392E0C
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00392E61
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                • String ID: &H9$csm
                                                                                                • API String ID: 1170836740-3902721481
                                                                                                APIs
                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 003DC913
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: IconLoad
                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                • API String ID: 2457776203-404129466
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                • String ID: 0.0.0.0
                                                                                                • API String ID: 642191829-3771769585
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00409FC7
                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00409FE7
                                                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0040A224
                                                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0040A242
                                                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0040A263
                                                                                                • ShowWindow.USER32(00000003,00000000), ref: 0040A282
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0040A2A7
                                                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 0040A2CA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                • String ID:
                                                                                                • API String ID: 1211466189-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _wcslen$LocalTime
                                                                                                • String ID:
                                                                                                • API String ID: 952045576-0
                                                                                                APIs
                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,003C682C,00000004,00000000,00000000), ref: 0038F953
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,003C682C,00000004,00000000,00000000), ref: 003CF3D1
                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,003C682C,00000004,00000000,00000000), ref: 003CF454
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ShowWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1268545403-0
                                                                                                • Opcode ID: bf8042bda7f9e5743f35035c1ef8e0d725549814d16663137f2c1aa9cbc7b614
                                                                                                • Instruction ID: 5ea3b9bc89bb5d330dc7c96a1ecca0d74a3a73d49c32d1b0bae5e4d82cd93f82
                                                                                                • Opcode Fuzzy Hash: bf8042bda7f9e5743f35035c1ef8e0d725549814d16663137f2c1aa9cbc7b614
                                                                                                • Instruction Fuzzy Hash: 0F412A35608780FED73BBB29C988B2A7B96AB56314F15457DE087A7960C736A880CB11
                                                                                                APIs
                                                                                                • DeleteObject.GDI32(00000000), ref: 00402D1B
                                                                                                • GetDC.USER32(00000000), ref: 00402D23
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00402D2E
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00402D3A
                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00402D76
                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00402D87
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00405A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00402DC2
                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00402DE1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3864802216-0
                                                                                                • Opcode ID: c38bea09b39ea9f9c24ebb64b9d94c39580ca1b7a9944e3282e99458b880d1c7
                                                                                                • Instruction ID: 1be4d317e68232733c7121cc9e075da050426d62f86a185ec45976965bd32700
                                                                                                • Opcode Fuzzy Hash: c38bea09b39ea9f9c24ebb64b9d94c39580ca1b7a9944e3282e99458b880d1c7
                                                                                                • Instruction Fuzzy Hash: F9317F72201214BFEB214F50CD89FEB3BADEF09755F044165FE08AA2D1C6B59C51CBA8
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 2931989736-0
                                                                                                • Opcode ID: e4c496fecb08f274b85e314c38acb353ffffc8fafc487fea71dba04fe9179a93
                                                                                                • Instruction ID: fc276b970acabc494372bc924ca5e2bea64c7542b43b8c6c101d751fd7a11a1b
                                                                                                • Opcode Fuzzy Hash: e4c496fecb08f274b85e314c38acb353ffffc8fafc487fea71dba04fe9179a93
                                                                                                • Instruction Fuzzy Hash: 1221AA67645A09B7E6175520AD82FBA336CAF11385F640033FD047EB81F734ED1485A9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                • API String ID: 0-572801152
                                                                                                • Opcode ID: 5fe9016a332d053d02f52308c4da112a0ef74a806c3bcdb019aa3a19c169ac0d
                                                                                                • Instruction ID: 248aad4d44aa40b588ce8044aea742e16d093d195ee5abf4a130e074daafc6e1
                                                                                                • Opcode Fuzzy Hash: 5fe9016a332d053d02f52308c4da112a0ef74a806c3bcdb019aa3a19c169ac0d
                                                                                                • Instruction Fuzzy Hash: 54D1B175A0060EAFDF11CFA8C880BBEB7B5BF48344F158569EA15AB281D770ED45CB90
                                                                                                APIs
                                                                                                • GetCPInfo.KERNEL32(?,?), ref: 003B15CE
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003B1651
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003B16E4
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003B16FB
                                                                                                  • Part of subcall function 003A3820: RtlAllocateHeap.NTDLL(00000000,?,00441444,?,0038FDF5,?,?,0037A976,00000010,00441440,003713FC,?,003713C6,?,00371129), ref: 003A3852
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003B1777
                                                                                                • __freea.LIBCMT ref: 003B17A2
                                                                                                • __freea.LIBCMT ref: 003B17AE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                • String ID:
                                                                                                • API String ID: 2829977744-0
                                                                                                • Opcode ID: 29acf06168ccb87c1ba72878dee5fcb22a21e556a91c85ac0159281d80067195
                                                                                                • Instruction ID: 9b1021d397ba27e579c26af9d7d25a08928d80a20a20accad3f75ee4c8a38f99
                                                                                                • Opcode Fuzzy Hash: 29acf06168ccb87c1ba72878dee5fcb22a21e556a91c85ac0159281d80067195
                                                                                                • Instruction Fuzzy Hash: 0891E971E102069EDF228F74C8A2AEF7BB5DF46318F950629EA01E7540DB35CC44C760
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit
                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                • API String ID: 2610073882-625585964
                                                                                                • Opcode ID: 57589503d59e5d2abe79d093313f3e763c9f243ca8ad070d6a6047ec80cea3df
                                                                                                • Instruction ID: 2e1d13ce97047e6488376848379725e4556f6ac140c7cff9704e8dd3833dc195
                                                                                                • Opcode Fuzzy Hash: 57589503d59e5d2abe79d093313f3e763c9f243ca8ad070d6a6047ec80cea3df
                                                                                                • Instruction Fuzzy Hash: 53919D71A00219ABDF25DFA5C884FBFBBB8EF46710F108569F615AB280D7709945CFA0
                                                                                                APIs
                                                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 003E125C
                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 003E1284
                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 003E12A8
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003E12D8
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003E135F
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003E13C4
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003E1430
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                • String ID:
                                                                                                • API String ID: 2550207440-0
                                                                                                • Opcode ID: 4c629720526cbebeb4f7f5903f777b2b1243cebebdc845d789563c6431a83344
                                                                                                • Instruction ID: ad68eafa304078e9b2e45ca8462a5d07c78bd4e85447d1b9ab3b699131249b86
                                                                                                • Opcode Fuzzy Hash: 4c629720526cbebeb4f7f5903f777b2b1243cebebdc845d789563c6431a83344
                                                                                                • Instruction Fuzzy Hash: B191E175A00268DFDB02DFA6C885BBEB7B9FF45314F114629EA00EB2D1D774A941CB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                • String ID:
                                                                                                • API String ID: 3225163088-0
                                                                                                • Opcode ID: b058a5661b5c1c8d2fa9f4f651a84730e0ac6744a16d6505b2061966bbd7c414
                                                                                                • Instruction ID: 35685665b2642e265abae0366d339d0228d27087be00e7ec2ff107786df6aa35
                                                                                                • Opcode Fuzzy Hash: b058a5661b5c1c8d2fa9f4f651a84730e0ac6744a16d6505b2061966bbd7c414
                                                                                                • Instruction Fuzzy Hash: 42911771900219EFCB11DFA9C884AEEBBB8FF49320F18459AE915B7251D374AA41CF60
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 003F396B
                                                                                                • CharUpperBuffW.USER32(?,?), ref: 003F3A7A
                                                                                                • _wcslen.LIBCMT ref: 003F3A8A
                                                                                                • VariantClear.OLEAUT32(?), ref: 003F3C1F
                                                                                                  • Part of subcall function 003E0CDF: VariantInit.OLEAUT32(00000000), ref: 003E0D1F
                                                                                                  • Part of subcall function 003E0CDF: VariantCopy.OLEAUT32(?,?), ref: 003E0D28
                                                                                                  • Part of subcall function 003E0CDF: VariantClear.OLEAUT32(?), ref: 003E0D34
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                • API String ID: 4137639002-1221869570
                                                                                                • Opcode ID: 8754023ae855aeda738fbd9e0bd50a31f591f0da545e59fdd40edf9cc5e42434
                                                                                                • Instruction ID: 7f68eae111bab92acd3eaec91fbf816571a1bfce21cf937cbebcb1be5b1f2f4d
                                                                                                • Opcode Fuzzy Hash: 8754023ae855aeda738fbd9e0bd50a31f591f0da545e59fdd40edf9cc5e42434
                                                                                                • Instruction Fuzzy Hash: 59918A746083059FCB15EF28C48196AB7E4FF88314F14896EF98A9B351DB31EE45CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 003D000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?,?,?,003D035E), ref: 003D002B
                                                                                                  • Part of subcall function 003D000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?,?), ref: 003D0046
                                                                                                  • Part of subcall function 003D000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?,?), ref: 003D0054
                                                                                                  • Part of subcall function 003D000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?), ref: 003D0064
                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 003F4C51
                                                                                                • _wcslen.LIBCMT ref: 003F4D59
                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 003F4DCF
                                                                                                • CoTaskMemFree.OLE32(?), ref: 003F4DDA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                • String ID: NULL Pointer assignment
                                                                                                • API String ID: 614568839-2785691316
                                                                                                APIs
                                                                                                • GetMenu.USER32(?), ref: 00402183
                                                                                                • GetMenuItemCount.USER32(00000000), ref: 004021B5
                                                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004021DD
                                                                                                • _wcslen.LIBCMT ref: 00402213
                                                                                                • GetMenuItemID.USER32(?,?), ref: 0040224D
                                                                                                • GetSubMenu.USER32(?,?), ref: 0040225B
                                                                                                  • Part of subcall function 003D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003D3A57
                                                                                                  • Part of subcall function 003D3A3D: GetCurrentThreadId.KERNEL32 ref: 003D3A5E
                                                                                                  • Part of subcall function 003D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003D25B3), ref: 003D3A65
                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 004022E3
                                                                                                  • Part of subcall function 003DE97B: Sleep.KERNEL32 ref: 003DE9F3
                                                                                                Similarity
                                                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 4196846111-0
                                                                                                APIs
                                                                                                • IsWindow.USER32(00DC5AA8), ref: 00407F37
                                                                                                • IsWindowEnabled.USER32(00DC5AA8), ref: 00407F43
                                                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0040801E
                                                                                                • SendMessageW.USER32(00DC5AA8,000000B0,?,?), ref: 00408051
                                                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00408089
                                                                                                • GetWindowLongW.USER32(00DC5AA8,000000EC), ref: 004080AB
                                                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 004080C3
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                • String ID:
                                                                                                • API String ID: 4072528602-0
                                                                                                APIs
                                                                                                • GetParent.USER32(?), ref: 003DAEF9
                                                                                                • GetKeyboardState.USER32(?), ref: 003DAF0E
                                                                                                • SetKeyboardState.USER32(?), ref: 003DAF6F
                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 003DAF9D
                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 003DAFBC
                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 003DAFFD
                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 003DB020
                                                                                                Similarity
                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                • String ID:
                                                                                                • API String ID: 87235514-0
                                                                                                APIs
                                                                                                • GetParent.USER32(00000000), ref: 003DAD19
                                                                                                • GetKeyboardState.USER32(?), ref: 003DAD2E
                                                                                                • SetKeyboardState.USER32(?), ref: 003DAD8F
                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 003DADBB
                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 003DADD8
                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 003DAE17
                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 003DAE38
                                                                                                Similarity
                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                • String ID:
                                                                                                • API String ID: 87235514-0
                                                                                                APIs
                                                                                                • GetConsoleCP.KERNEL32(003B3CD6,?,?,?,?,?,?,?,?,003A5BA3,?,?,003B3CD6,?,?), ref: 003A5470
                                                                                                • __fassign.LIBCMT ref: 003A54EB
                                                                                                • __fassign.LIBCMT ref: 003A5506
                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,003B3CD6,00000005,00000000,00000000), ref: 003A552C
                                                                                                • WriteFile.KERNEL32(?,003B3CD6,00000000,003A5BA3,00000000,?,?,?,?,?,?,?,?,?,003A5BA3,?), ref: 003A554B
                                                                                                • WriteFile.KERNEL32(?,?,00000001,003A5BA3,00000000,?,?,?,?,?,?,?,?,?,003A5BA3,?), ref: 003A5584
                                                                                                Similarity
                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                • String ID:
                                                                                                • API String ID: 1324828854-0
                                                                                                APIs
                                                                                                  • Part of subcall function 003F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003F307A
                                                                                                  • Part of subcall function 003F304E: _wcslen.LIBCMT ref: 003F309B
                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 003F1112
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F1121
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F11C9
                                                                                                • closesocket.WSOCK32(00000000), ref: 003F11F9
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                • String ID:
                                                                                                • API String ID: 2675159561-0
                                                                                                APIs
                                                                                                  • Part of subcall function 003DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003DCF22,?), ref: 003DDDFD
                                                                                                  • Part of subcall function 003DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003DCF22,?), ref: 003DDE16
                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 003DCF45
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 003DCF7F
                                                                                                • _wcslen.LIBCMT ref: 003DD005
                                                                                                • _wcslen.LIBCMT ref: 003DD01B
                                                                                                • SHFileOperationW.SHELL32(?), ref: 003DD061
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 3164238972-1173974218
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00402E1C
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00402E4F
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00402E84
                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00402EB6
                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00402EE0
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00402EF1
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00402F0B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: LongWindow$MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 2178440468-0
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003D7769
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003D778F
                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 003D7792
                                                                                                • SysAllocString.OLEAUT32(?), ref: 003D77B0
                                                                                                • SysFreeString.OLEAUT32(?), ref: 003D77B9
                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 003D77DE
                                                                                                • SysAllocString.OLEAUT32(?), ref: 003D77EC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                • String ID:
                                                                                                • API String ID: 3761583154-0
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003D7842
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003D7868
                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 003D786B
                                                                                                • SysAllocString.OLEAUT32 ref: 003D788C
                                                                                                • SysFreeString.OLEAUT32 ref: 003D7895
                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 003D78AF
                                                                                                • SysAllocString.OLEAUT32(?), ref: 003D78BD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                • String ID:
                                                                                                • API String ID: 3761583154-0
                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 003E04F2
                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003E052E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CreateHandlePipe
                                                                                                • String ID: nul
                                                                                                • API String ID: 1424370930-2873401336
                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 003E05C6
                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003E0601
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CreateHandlePipe
                                                                                                • String ID: nul
                                                                                                • API String ID: 1424370930-2873401336
                                                                                                APIs
                                                                                                  • Part of subcall function 0037600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0037604C
                                                                                                  • Part of subcall function 0037600E: GetStockObject.GDI32(00000011), ref: 00376060
                                                                                                  • Part of subcall function 0037600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0037606A
                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00404112
                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0040411F
                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0040412A
                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00404139
                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00404145
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                                • String ID: Msctls_Progress32
                                                                                                • API String ID: 1025951953-3636473452
                                                                                                APIs
                                                                                                  • Part of subcall function 003AD7A3: _free.LIBCMT ref: 003AD7CC
                                                                                                • _free.LIBCMT ref: 003AD82D
                                                                                                  • Part of subcall function 003A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000), ref: 003A29DE
                                                                                                  • Part of subcall function 003A29C8: GetLastError.KERNEL32(00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000,00000000), ref: 003A29F0
                                                                                                • _free.LIBCMT ref: 003AD838
                                                                                                • _free.LIBCMT ref: 003AD843
                                                                                                • _free.LIBCMT ref: 003AD897
                                                                                                • _free.LIBCMT ref: 003AD8A2
                                                                                                • _free.LIBCMT ref: 003AD8AD
                                                                                                • _free.LIBCMT ref: 003AD8B8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 003DDA74
                                                                                                • LoadStringW.USER32(00000000), ref: 003DDA7B
                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 003DDA91
                                                                                                • LoadStringW.USER32(00000000), ref: 003DDA98
                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003DDADC
                                                                                                Strings
                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 003DDAB9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: HandleLoadModuleString$Message
                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                • API String ID: 4072794657-3128320259
                                                                                                APIs
                                                                                                • InterlockedExchange.KERNEL32(00DBEEE0,00DBEEE0), ref: 003E097B
                                                                                                • EnterCriticalSection.KERNEL32(00DBEEC0,00000000), ref: 003E098D
                                                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 003E099B
                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 003E09A9
                                                                                                • CloseHandle.KERNEL32(?), ref: 003E09B8
                                                                                                • InterlockedExchange.KERNEL32(00DBEEE0,000001F6), ref: 003E09C8
                                                                                                • LeaveCriticalSection.KERNEL32(00DBEEC0), ref: 003E09CF
                                                                                                Similarity
                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                • String ID:
                                                                                                • API String ID: 3495660284-0
                                                                                                APIs
                                                                                                • GetClientRect.USER32(?,?), ref: 00375D30
                                                                                                • GetWindowRect.USER32(?,?), ref: 00375D71
                                                                                                • ScreenToClient.USER32(?,?), ref: 00375D99
                                                                                                • GetClientRect.USER32(?,?), ref: 00375ED7
                                                                                                • GetWindowRect.USER32(?,?), ref: 00375EF8
                                                                                                Similarity
                                                                                                • API ID: Rect$Client$Window$Screen
                                                                                                • String ID:
                                                                                                • API String ID: 1296646539-0
                                                                                                APIs
                                                                                                • __allrem.LIBCMT ref: 003A00BA
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003A00D6
                                                                                                • __allrem.LIBCMT ref: 003A00ED
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003A010B
                                                                                                • __allrem.LIBCMT ref: 003A0122
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003A0140
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                • String ID:
                                                                                                • API String ID: 1992179935-0
                                                                                                APIs
                                                                                                  • Part of subcall function 003F3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,003F101C,00000000,?,?,00000000), ref: 003F3195
                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 003F1DC0
                                                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 003F1DE1
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F1DF2
                                                                                                • inet_ntoa.WSOCK32(?), ref: 003F1E8C
                                                                                                • htons.WSOCK32(?,?,?,?,?), ref: 003F1EDB
                                                                                                • _strlen.LIBCMT ref: 003F1F35
                                                                                                  • Part of subcall function 003D39E8: _strlen.LIBCMT ref: 003D39F2
                                                                                                  • Part of subcall function 00376D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0038CF58,?,?,?), ref: 00376DBA
                                                                                                  • Part of subcall function 00376D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0038CF58,?,?,?), ref: 00376DED
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                • String ID:
                                                                                                • API String ID: 1923757996-0
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,003982D9,003982D9,?,?,?,003A644F,00000001,00000001,8BE85006), ref: 003A6258
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,003A644F,00000001,00000001,8BE85006,?,?,?), ref: 003A62DE
                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 003A63D8
                                                                                                • __freea.LIBCMT ref: 003A63E5
                                                                                                  • Part of subcall function 003A3820: RtlAllocateHeap.NTDLL(00000000,?,00441444,?,0038FDF5,?,?,0037A976,00000010,00441440,003713FC,?,003713C6,?,00371129), ref: 003A3852
                                                                                                • __freea.LIBCMT ref: 003A63EE
                                                                                                • __freea.LIBCMT ref: 003A6413
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1414292761-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003FB6AE,?,?), ref: 003FC9B5
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FC9F1
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FCA68
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FCA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003FBCCA
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003FBD25
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 003FBD6A
                                                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 003FBD99
                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003FBDF3
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 003FBDFF
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                • String ID:
                                                                                                • API String ID: 1120388591-0
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(00000035), ref: 003CF7B9
                                                                                                • SysAllocString.OLEAUT32(00000001), ref: 003CF860
                                                                                                • VariantCopy.OLEAUT32(003CFA64,00000000), ref: 003CF889
                                                                                                • VariantClear.OLEAUT32(003CFA64), ref: 003CF8AD
                                                                                                • VariantCopy.OLEAUT32(003CFA64,00000000), ref: 003CF8B1
                                                                                                • VariantClear.OLEAUT32(?), ref: 003CF8BB
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                                • String ID:
                                                                                                • API String ID: 3859894641-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00377620: _wcslen.LIBCMT ref: 00377625
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 003E94E5
                                                                                                • _wcslen.LIBCMT ref: 003E9506
                                                                                                • _wcslen.LIBCMT ref: 003E952D
                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 003E9585
                                                                                                Similarity
                                                                                                • API ID: _wcslen$FileName$OpenSave
                                                                                                • String ID: X
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                • BeginPaint.USER32(?,?,?), ref: 00389241
                                                                                                • GetWindowRect.USER32(?,?), ref: 003892A5
                                                                                                • ScreenToClient.USER32(?,?), ref: 003892C2
                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 003892D3
                                                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00389321
                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 003C71EA
                                                                                                  • Part of subcall function 00389339: BeginPath.GDI32(00000000), ref: 00389357
                                                                                                Similarity
                                                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 003E080C
                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 003E0847
                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 003E0863
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 003E08DC
                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 003E08F3
                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 003E0921
                                                                                                Similarity
                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,003CF3AB,00000000,?,?,00000000,?,003C682C,00000004,00000000,00000000), ref: 0040824C
                                                                                                • EnableWindow.USER32(?,00000000), ref: 00408272
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 004082D1
                                                                                                • ShowWindow.USER32(?,00000004), ref: 004082E5
                                                                                                • EnableWindow.USER32(?,00000001), ref: 0040830B
                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0040832F
                                                                                                Similarity
                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • IsWindowVisible.USER32(?), ref: 003D4C95
                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003D4CB2
                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003D4CEA
                                                                                                • _wcslen.LIBCMT ref: 003D4D08
                                                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 003D4D10
                                                                                                • _wcsstr.LIBVCRUNTIME ref: 003D4D1A
                                                                                                Similarity
                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                • String ID:
                                                                                                APIs
                                                                                                  • Part of subcall function 00373AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00373A97,?,?,00372E7F,?,?,?,00000000), ref: 00373AC2
                                                                                                • _wcslen.LIBCMT ref: 003E587B
                                                                                                • CoInitialize.OLE32(00000000), ref: 003E5995
                                                                                                • CoCreateInstance.OLE32(0040FCF8,00000000,00000001,0040FB68,?), ref: 003E59AE
                                                                                                • CoUninitialize.OLE32 ref: 003E59CC
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                • String ID: .lnk
                                                                                                APIs
                                                                                                  • Part of subcall function 003D0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003D0FCA
                                                                                                  • Part of subcall function 003D0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003D0FD6
                                                                                                  • Part of subcall function 003D0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003D0FE5
                                                                                                  • Part of subcall function 003D0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003D0FEC
                                                                                                  • Part of subcall function 003D0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003D1002
                                                                                                • GetLengthSid.ADVAPI32(?,00000000,003D1335), ref: 003D17AE
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 003D17BA
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 003D17C1
                                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 003D17DA
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,003D1335), ref: 003D17EE
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D17F5
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 003D14FF
                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 003D1506
                                                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 003D1515
                                                                                                • CloseHandle.KERNEL32(00000004), ref: 003D1520
                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003D154F
                                                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 003D1563
                                                                                                Similarity
                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,00393379,00392FE5), ref: 00393390
                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0039339E
                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003933B7
                                                                                                • SetLastError.KERNEL32(00000000,?,00393379,00392FE5), ref: 00393409
                                                                                                Similarity
                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                • String ID:
                                                                                                • API String ID: 3852720340-0
                                                                                                • Opcode ID: 8a4b2a6be941dd8f3504141438609e809d90be37a8212b280fb6d868e4e16b04
                                                                                                • Instruction ID: 623a69b721445398cd6f76b0cf36ecf48f1021f0eac634963cdfcd1f5ee7c625
                                                                                                • Opcode Fuzzy Hash: 8a4b2a6be941dd8f3504141438609e809d90be37a8212b280fb6d868e4e16b04
                                                                                                • Instruction Fuzzy Hash: 250124B224D312BEEF2B27B97DC59672AA4EB153793210339F810991F0EF214D015248
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,003A5686,003B3CD6,?,00000000,?,003A5B6A,?,?,?,?,?,0039E6D1,?,00438A48), ref: 003A2D78
                                                                                                • _free.LIBCMT ref: 003A2DAB
                                                                                                • _free.LIBCMT ref: 003A2DD3
                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,0039E6D1,?,00438A48,00000010,00374F4A,?,?,00000000,003B3CD6), ref: 003A2DE0
                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,0039E6D1,?,00438A48,00000010,00374F4A,?,?,00000000,003B3CD6), ref: 003A2DEC
                                                                                                • _abort.LIBCMT ref: 003A2DF2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                • String ID:
                                                                                                • API String ID: 3160817290-0
                                                                                                • Opcode ID: 87276c2569ec83def7f3b3a71e1ebc2f63b22ea016c82dbeac80bc605b00db2c
                                                                                                • Instruction ID: ecbe3d20a2bde0c8bd32776891ed0110c494bf46ee76ca8870de3a05326fc16a
                                                                                                • Opcode Fuzzy Hash: 87276c2569ec83def7f3b3a71e1ebc2f63b22ea016c82dbeac80bc605b00db2c
                                                                                                • Instruction Fuzzy Hash: 92F0C232545A006BC623273DBC4AF5B365AEFC37A1F260628F834AA1D3EF3488015265
                                                                                                APIs
                                                                                                  • Part of subcall function 00389639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00389693
                                                                                                  • Part of subcall function 00389639: SelectObject.GDI32(?,00000000), ref: 003896A2
                                                                                                  • Part of subcall function 00389639: BeginPath.GDI32(?), ref: 003896B9
                                                                                                  • Part of subcall function 00389639: SelectObject.GDI32(?,00000000), ref: 003896E2
                                                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00408A4E
                                                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00408A62
                                                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00408A70
                                                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00408A80
                                                                                                • EndPath.GDI32(?), ref: 00408A90
                                                                                                • StrokePath.GDI32(?), ref: 00408AA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                • String ID:
                                                                                                • API String ID: 43455801-0
                                                                                                • Opcode ID: 164e44c407e12cd9003d784939ab7599d31f874fd0409cd8107f295f7531f91c
                                                                                                • Instruction ID: 9edc487609da31e553c2df0590724f9dd9cdfbafc612ab1f82b657892c91478a
                                                                                                • Opcode Fuzzy Hash: 164e44c407e12cd9003d784939ab7599d31f874fd0409cd8107f295f7531f91c
                                                                                                • Instruction Fuzzy Hash: 8111177600010CFFEF129F90DD88EAA7F6CEB08350F048122FA19AA1A1C7719D95DFA4
                                                                                                APIs
                                                                                                • GetDC.USER32(00000000), ref: 003D5218
                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 003D5229
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003D5230
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 003D5238
                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 003D524F
                                                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 003D5261
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CapsDevice$Release
                                                                                                • String ID:
                                                                                                • API String ID: 1035833867-0
                                                                                                • Opcode ID: ddde769e1bb3249919f9be839a6b33f02a9b17e771358cc033ff236479ab0795
                                                                                                • Instruction ID: bba351f27f3a532546ec7f3c74bbcf56d93a79fc4d75566eb4079d7c5ff452be
                                                                                                • Opcode Fuzzy Hash: ddde769e1bb3249919f9be839a6b33f02a9b17e771358cc033ff236479ab0795
                                                                                                • Instruction Fuzzy Hash: 07018F75A01708FBEB109BA59D89F4EBFB8EB48351F044566FA04AB280D6709C04CFA4
                                                                                                APIs
                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00371BF4
                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00371BFC
                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00371C07
                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00371C12
                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00371C1A
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00371C22
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Virtual
                                                                                                • String ID:
                                                                                                • API String ID: 4278518827-0
                                                                                                • Opcode ID: 8f7cc237e81da5c842682182284883185508f11a56cde9552644de574556804f
                                                                                                • Instruction ID: b17aa6607ba9858041bb864917bff1697e0a552c25d371580589993b1c345298
                                                                                                • Opcode Fuzzy Hash: 8f7cc237e81da5c842682182284883185508f11a56cde9552644de574556804f
                                                                                                • Instruction Fuzzy Hash: 07016CB0902759BDE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5
                                                                                                APIs
                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 003DEB30
                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 003DEB46
                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 003DEB55
                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003DEB64
                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003DEB6E
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003DEB75
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                • String ID:
                                                                                                • API String ID: 839392675-0
                                                                                                • Opcode ID: 2a38d5d4b5904fc9dc31891c78a58666b415bf0e5e6c65a854219e270eaae2e7
                                                                                                • Instruction ID: 3826180105263fa5d9e4d5136b72b845248ce26cc0952d550f4c0ce03fdf84d6
                                                                                                • Opcode Fuzzy Hash: 2a38d5d4b5904fc9dc31891c78a58666b415bf0e5e6c65a854219e270eaae2e7
                                                                                                • Instruction Fuzzy Hash: E1F03072140158FBE72157629D4DEEF3E7CEFCAB11F004269F601E5191D7B15A01CAB9
                                                                                                APIs
                                                                                                • GetClientRect.USER32(?), ref: 003C7452
                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 003C7469
                                                                                                • GetWindowDC.USER32(?), ref: 003C7475
                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 003C7484
                                                                                                • ReleaseDC.USER32(?,00000000), ref: 003C7496
                                                                                                • GetSysColor.USER32(00000005), ref: 003C74B0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                • String ID:
                                                                                                • API String ID: 272304278-0
                                                                                                • Opcode ID: 2c63ab5e92f27980dda6ca54927e93d49f15f3e349dfe589d124ca06b6ebaa04
                                                                                                • Instruction ID: 3203ba67490369e908c38c4d2bb3fe01cb6d7ce46d74fbc4a4edea35f33f402f
                                                                                                • Opcode Fuzzy Hash: 2c63ab5e92f27980dda6ca54927e93d49f15f3e349dfe589d124ca06b6ebaa04
                                                                                                • Instruction Fuzzy Hash: A7017831400215EFEB215F64DD48BAA7BB9FB04321F110664FE15A20A0CB311E41AF54
                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 003D187F
                                                                                                • UnloadUserProfile.USERENV(?,?), ref: 003D188B
                                                                                                • CloseHandle.KERNEL32(?), ref: 003D1894
                                                                                                • CloseHandle.KERNEL32(?), ref: 003D189C
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 003D18A5
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D18AC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                • String ID:
                                                                                                • API String ID: 146765662-0
                                                                                                • Opcode ID: a906a694b908f4fea31940c0648d38793f93fb378d1ffd59ec3f91992a9a41b8
                                                                                                • Instruction ID: 6417558baee8d7b0c1a9fd6010d56d01d3c69fad6f71c3c71cca34e46f1e77ce
                                                                                                • Opcode Fuzzy Hash: a906a694b908f4fea31940c0648d38793f93fb378d1ffd59ec3f91992a9a41b8
                                                                                                • Instruction Fuzzy Hash: A4E0C236004101FBDA016BB1EE4CD0ABB39FB49B22B108330F225A50B0CB329420DF98
                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 0037BEB3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Init_thread_footer
                                                                                                • String ID: D%D$D%D$D%D$D%DD%D
                                                                                                • API String ID: 1385522511-2851881395
                                                                                                • Opcode ID: 36828c531a990163e70055d45e571f33880f933d40f7a716c24c81c6ff4f5da4
                                                                                                • Instruction ID: 80dedb854c564fef468c9944ffd24fa73b3fca05daf6070f296b46a0bf8c5d67
                                                                                                • Opcode Fuzzy Hash: 36828c531a990163e70055d45e571f33880f933d40f7a716c24c81c6ff4f5da4
                                                                                                • Instruction Fuzzy Hash: 5F916B75A0020ADFCB2ACF58C0917AAF7F5FF58310F25C16AE949AB350D775A981CB90
                                                                                                APIs
                                                                                                  • Part of subcall function 00390242: EnterCriticalSection.KERNEL32(0044070C,00441884,?,?,0038198B,00442518,?,?,?,003712F9,00000000), ref: 0039024D
                                                                                                  • Part of subcall function 00390242: LeaveCriticalSection.KERNEL32(0044070C,?,0038198B,00442518,?,?,?,003712F9,00000000), ref: 0039028A
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003900A3: __onexit.LIBCMT ref: 003900A9
                                                                                                • __Init_thread_footer.LIBCMT ref: 003F7BFB
                                                                                                  • Part of subcall function 003901F8: EnterCriticalSection.KERNEL32(0044070C,?,?,00388747,00442514), ref: 00390202
                                                                                                  • Part of subcall function 003901F8: LeaveCriticalSection.KERNEL32(0044070C,?,00388747,00442514), ref: 00390235
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                • String ID: +T<$5$G$Variable must be of type 'Object'.
                                                                                                • API String ID: 535116098-2746437690
                                                                                                • Opcode ID: c5f50d2a25ac2c7b5b2be07fd1fed90c7be6dac105234e7be93ef621abb11995
                                                                                                • Instruction ID: 1d1520874a72de0ea2e1aeb441122bcaaf66dbb3e0e75ea7a385eb938bed2ba1
                                                                                                • Opcode Fuzzy Hash: c5f50d2a25ac2c7b5b2be07fd1fed90c7be6dac105234e7be93ef621abb11995
                                                                                                • Instruction Fuzzy Hash: 4D919B74A04209EFCB16EF54D891DBDB7B5FF49300F50805AFA06AB2A2DB71AE41CB51
                                                                                                APIs
                                                                                                  • Part of subcall function 00377620: _wcslen.LIBCMT ref: 00377625
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003DC6EE
                                                                                                • _wcslen.LIBCMT ref: 003DC735
                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003DC79C
                                                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 003DC7CA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                                                • String ID: 0
                                                                                                • API String ID: 1227352736-4108050209
                                                                                                • Opcode ID: 43831fd1ee659538e802da064a30020d8de0c03ff797afc43f2b1020516ff698
                                                                                                • Instruction ID: 790420aae74a8554dffce4d963aa2434b787b1d15af6f6d92f3741e05467f183
                                                                                                • Opcode Fuzzy Hash: 43831fd1ee659538e802da064a30020d8de0c03ff797afc43f2b1020516ff698
                                                                                                • Instruction Fuzzy Hash: 8C5102726343029FD7169F28E885B6B77E8AF45310F042A2AF595D73E0DB74D844CB52
                                                                                                APIs
                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 003D7206
                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 003D723C
                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 003D724D
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003D72CF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                • String ID: DllGetClassObject
                                                                                                • API String ID: 753597075-1075368562
                                                                                                • Opcode ID: 1677c6a7f179e95a063d42b018d49e534ca0e51ff9ae3a8c2ac712b8c0a547e8
                                                                                                • Instruction ID: de3dbe95df14ea66670a32bc06b8bd3b4586335b51467b54ba278c27bc5f00cb
                                                                                                • Opcode Fuzzy Hash: 1677c6a7f179e95a063d42b018d49e534ca0e51ff9ae3a8c2ac712b8c0a547e8
                                                                                                • Instruction Fuzzy Hash: 47418172604204EFDB16CF54D884A9A7BB9EF44310F1585AEBD059F30AE7B5D944CBA0
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00403E35
                                                                                                • IsMenu.USER32(?), ref: 00403E4A
                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00403E92
                                                                                                • DrawMenuBar.USER32 ref: 00403EA5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                • String ID: 0
                                                                                                • API String ID: 3076010158-4108050209
                                                                                                • Opcode ID: 25c86dde679135a9bed34006c3b778b7e1cdcc4bef913ae55693318d332891cd
                                                                                                • Instruction ID: ed10cff3c96c1defc85a8a7c9c0fc5c6e29c5febd3f2244df4d1125b984f7db1
                                                                                                • Opcode Fuzzy Hash: 25c86dde679135a9bed34006c3b778b7e1cdcc4bef913ae55693318d332891cd
                                                                                                • Instruction Fuzzy Hash: F6414A79A01609EFDB10DF50D884EAABBB9FF49351F04422AE905A7390D738AE45CF94
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003D3CCA
                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 003D1E66
                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 003D1E79
                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 003D1EA9
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 2081771294-1403004172
                                                                                                • Opcode ID: 0e23d0a8116895b94d8bbb006d93c0379e9029779e3a682319b1fd271b83fc44
                                                                                                • Instruction ID: 04709b563fba51e2d783687d81e5246172611a3e364c222493d7a97ec2fecf1f
                                                                                                • Opcode Fuzzy Hash: 0e23d0a8116895b94d8bbb006d93c0379e9029779e3a682319b1fd271b83fc44
                                                                                                • Instruction Fuzzy Hash: 8B213B72A00104BFDB26AB64EC56DFFB7BDEF45350B14462BF815AB2E1DB384D069620
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00402F8D
                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00402F94
                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00402FA9
                                                                                                • DestroyWindow.USER32(?), ref: 00402FB1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                • String ID: SysAnimate32
                                                                                                • API String ID: 3529120543-1011021900
                                                                                                • Opcode ID: 9a9137b59eab63cd4a0307dd54af9f95a086ccc322ae1f8db87665883ffe83db
                                                                                                • Instruction ID: 34c35f2fa268af2769eda6577c77a3d6b81c2555b29bcd059fabf9b6938b250a
                                                                                                • Opcode Fuzzy Hash: 9a9137b59eab63cd4a0307dd54af9f95a086ccc322ae1f8db87665883ffe83db
                                                                                                • Instruction Fuzzy Hash: 1121D471100206EBEB115F64DD88EBB77BDEB593A4F10063AF950E22D0C7B5DC41A768
                                                                                                APIs
                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00394D1E,003A28E9,?,00394CBE,003A28E9,004388B8,0000000C,00394E15,003A28E9,00000002), ref: 00394D8D
                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00394DA0
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00394D1E,003A28E9,?,00394CBE,003A28E9,004388B8,0000000C,00394E15,003A28E9,00000002,00000000), ref: 00394DC3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                • API String ID: 4061214504-1276376045
                                                                                                • Opcode ID: 5b46a86efffa9dd90056b4cbb7a087ec2853094ba7de45f1b373037c1a78141e
                                                                                                • Instruction ID: 6c11d16d7b0ed871af4fa265ff995d35be68e742efe6563448aa7d50d8121907
                                                                                                • Opcode Fuzzy Hash: 5b46a86efffa9dd90056b4cbb7a087ec2853094ba7de45f1b373037c1a78141e
                                                                                                • Instruction Fuzzy Hash: 25F0AF34A00208FBDB129F90DC89BEDBBB4EF04712F0002A5F809B62A0DB745981CB98
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00374EDD,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374E9C
                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00374EAE
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00374EDD,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374EC0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                • API String ID: 145871493-3689287502
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,003B3CDE,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374E62
                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00374E74
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,003B3CDE,?,00441418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00374E87
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                • API String ID: 145871493-1355242751
                                                                                                APIs
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003E2C05
                                                                                                • DeleteFileW.KERNEL32(?), ref: 003E2C87
                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003E2C9D
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003E2CAE
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003E2CC0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$Delete$Copy
                                                                                                • String ID:
                                                                                                • API String ID: 3226157194-0
                                                                                                APIs
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 003FA427
                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 003FA435
                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 003FA468
                                                                                                • CloseHandle.KERNEL32(?), ref: 003FA63D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                • String ID:
                                                                                                • API String ID: 3488606520-0
                                                                                                APIs
                                                                                                  • Part of subcall function 003DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003DCF22,?), ref: 003DDDFD
                                                                                                  • Part of subcall function 003DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003DCF22,?), ref: 003DDE16
                                                                                                  • Part of subcall function 003DE199: GetFileAttributesW.KERNEL32(?,003DCF95), ref: 003DE19A
                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 003DE473
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 003DE4AC
                                                                                                • _wcslen.LIBCMT ref: 003DE5EB
                                                                                                • _wcslen.LIBCMT ref: 003DE603
                                                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 003DE650
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 3183298772-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003FB6AE,?,?), ref: 003FC9B5
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FC9F1
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FCA68
                                                                                                  • Part of subcall function 003FC998: _wcslen.LIBCMT ref: 003FCA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003FBAA5
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003FBB00
                                                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 003FBB63
                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 003FBBA6
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 003FBBB3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                • String ID:
                                                                                                • API String ID: 826366716-0
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 003D8BCD
                                                                                                • VariantClear.OLEAUT32 ref: 003D8C3E
                                                                                                • VariantClear.OLEAUT32 ref: 003D8C9D
                                                                                                • VariantClear.OLEAUT32(?), ref: 003D8D10
                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 003D8D3B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$Clear$ChangeInitType
                                                                                                • String ID:
                                                                                                • API String ID: 4136290138-0
                                                                                                APIs
                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 003E8BAE
                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 003E8BDA
                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 003E8C32
                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 003E8C57
                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 003E8C5F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                • String ID:
                                                                                                • API String ID: 2832842796-0
                                                                                                APIs
                                                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 003F8F40
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 003F8FD0
                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 003F8FEC
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 003F9032
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 003F9052
                                                                                                  • Part of subcall function 0038F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,003E1043,?,753CE610), ref: 0038F6E6
                                                                                                  • Part of subcall function 0038F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,003CFA64,00000000,00000000,?,?,003E1043,?,753CE610,?,003CFA64), ref: 0038F70D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                • String ID:
                                                                                                • API String ID: 666041331-0
                                                                                                APIs
                                                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00406C33
                                                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00406C4A
                                                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00406C73
                                                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,003EAB79,00000000,00000000), ref: 00406C98
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00406CC7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$MessageSendShow
                                                                                                • String ID:
                                                                                                • API String ID: 3688381893-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                APIs
                                                                                                • GetCursorPos.USER32(?), ref: 00389141
                                                                                                • ScreenToClient.USER32(00000000,?), ref: 0038915E
                                                                                                • GetAsyncKeyState.USER32(00000001), ref: 00389183
                                                                                                • GetAsyncKeyState.USER32(00000002), ref: 0038919D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                                • String ID:
                                                                                                • API String ID: 4210589936-0
                                                                                                APIs
                                                                                                • GetInputState.USER32 ref: 003E38CB
                                                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 003E3922
                                                                                                • TranslateMessage.USER32(?), ref: 003E394B
                                                                                                • DispatchMessageW.USER32(?), ref: 003E3955
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003E3966
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                • String ID:
                                                                                                • API String ID: 2256411358-0
                                                                                                APIs
                                                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 003ECF38
                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 003ECF6F
                                                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,003EC21E,00000000), ref: 003ECFB4
                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,003EC21E,00000000), ref: 003ECFC8
                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,003EC21E,00000000), ref: 003ECFF2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                • String ID:
                                                                                                • API String ID: 3191363074-0
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 003D1915
                                                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 003D19C1
                                                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 003D19C9
                                                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 003D19DA
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 003D19E2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePostSleep$RectWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3382505437-0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00405745
                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 0040579D
                                                                                                • _wcslen.LIBCMT ref: 004057AF
                                                                                                • _wcslen.LIBCMT ref: 004057BA
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00405816
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 763830540-0
                                                                                                APIs
                                                                                                • IsWindow.USER32(00000000), ref: 003F0951
                                                                                                • GetForegroundWindow.USER32 ref: 003F0968
                                                                                                • GetDC.USER32(00000000), ref: 003F09A4
                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 003F09B0
                                                                                                • ReleaseDC.USER32(00000000,00000003), ref: 003F09E8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                • String ID:
                                                                                                • API String ID: 4156661090-0
                                                                                                APIs
                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 003ACDC6
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003ACDE9
                                                                                                  • Part of subcall function 003A3820: RtlAllocateHeap.NTDLL(00000000,?,00441444,?,0038FDF5,?,?,0037A976,00000010,00441440,003713FC,?,003713C6,?,00371129), ref: 003A3852
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 003ACE0F
                                                                                                • _free.LIBCMT ref: 003ACE22
                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003ACE31
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                • String ID:
                                                                                                • API String ID: 336800556-0
                                                                                                APIs
                                                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00389693
                                                                                                • SelectObject.GDI32(?,00000000), ref: 003896A2
                                                                                                • BeginPath.GDI32(?), ref: 003896B9
                                                                                                • SelectObject.GDI32(?,00000000), ref: 003896E2
                                                                                                Similarity
                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                • String ID:
                                                                                                • API String ID: 3225163088-0
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 2931989736-0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,?,0039F2DE,003A3863,00441444,?,0038FDF5,?,?,0037A976,00000010,00441440,003713FC,?,003713C6), ref: 003A2DFD
                                                                                                • _free.LIBCMT ref: 003A2E32
                                                                                                • _free.LIBCMT ref: 003A2E59
                                                                                                • SetLastError.KERNEL32(00000000,00371129), ref: 003A2E66
                                                                                                • SetLastError.KERNEL32(00000000,00371129), ref: 003A2E6F
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free
                                                                                                • String ID:
                                                                                                • API String ID: 3170660625-0
                                                                                                APIs
                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?,?,?,003D035E), ref: 003D002B
                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?,?), ref: 003D0046
                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?,?), ref: 003D0054
                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?), ref: 003D0064
                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003CFF41,80070057,?,?), ref: 003D0070
                                                                                                Similarity
                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 3897988419-0
                                                                                                APIs
                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 003DE997
                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 003DE9A5
                                                                                                • Sleep.KERNEL32(00000000), ref: 003DE9AD
                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 003DE9B7
                                                                                                • Sleep.KERNEL32 ref: 003DE9F3
                                                                                                Similarity
                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                • String ID:
                                                                                                • API String ID: 2833360925-0
                                                                                                APIs
                                                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003D1114
                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D1120
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D112F
                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003D0B9B,?,?,?), ref: 003D1136
                                                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003D114D
                                                                                                Similarity
                                                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 842720411-0
                                                                                                APIs
                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003D0FCA
                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003D0FD6
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003D0FE5
                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003D0FEC
                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003D1002
                                                                                                Similarity
                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 44706859-0
                                                                                                APIs
                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003D102A
                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003D1036
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003D1045
                                                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003D104C
                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003D1062
                                                                                                Similarity
                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 44706859-0
                                                                                                APIs
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,003E017D,?,003E32FC,?,00000001,003B2592,?), ref: 003E0324
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,003E017D,?,003E32FC,?,00000001,003B2592,?), ref: 003E0331
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,003E017D,?,003E32FC,?,00000001,003B2592,?), ref: 003E033E
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,003E017D,?,003E32FC,?,00000001,003B2592,?), ref: 003E034B
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,003E017D,?,003E32FC,?,00000001,003B2592,?), ref: 003E0358
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,003E017D,?,003E32FC,?,00000001,003B2592,?), ref: 003E0365
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle
                                                                                                • String ID:
                                                                                                • API String ID: 2962429428-0
                                                                                                • Opcode ID: 5c69762123b3c65973c1fea2f5b8f2987fbfa67907565c600770df62b66c8c64
                                                                                                • Instruction ID: a14d5c5dd097ece253b61cbfd56d8817c4b9feda2bc2ced4c348cb7374c97acb
                                                                                                • Opcode Fuzzy Hash: 5c69762123b3c65973c1fea2f5b8f2987fbfa67907565c600770df62b66c8c64
                                                                                                • Instruction Fuzzy Hash: 2101A276800B65DFCB369F66D880416F7F5BF503153168A3FD19652971C3B1A994CF80
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 003AD752
                                                                                                  • Part of subcall function 003A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000), ref: 003A29DE
                                                                                                  • Part of subcall function 003A29C8: GetLastError.KERNEL32(00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000,00000000), ref: 003A29F0
                                                                                                • _free.LIBCMT ref: 003AD764
                                                                                                • _free.LIBCMT ref: 003AD776
                                                                                                • _free.LIBCMT ref: 003AD788
                                                                                                • _free.LIBCMT ref: 003AD79A
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: 3bc25798ed6aa81d3fda2558c3f12f8b45f3b836cb724547f79d26c8c1bd40a1
                                                                                                • Instruction ID: 3822f0ba3964ba39cf5a9049d070c612f979071076b4c1e2c2fd8c1cb4f629d3
                                                                                                • Opcode Fuzzy Hash: 3bc25798ed6aa81d3fda2558c3f12f8b45f3b836cb724547f79d26c8c1bd40a1
                                                                                                • Instruction Fuzzy Hash: 92F04F72504208AF866AFF68F9C5C1B77DDFB07710B961819F049EB911C721FC808765
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 003D5C58
                                                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 003D5C6F
                                                                                                • MessageBeep.USER32(00000000), ref: 003D5C87
                                                                                                • KillTimer.USER32(?,0000040A), ref: 003D5CA3
                                                                                                • EndDialog.USER32(?,00000001), ref: 003D5CBD
                                                                                                Similarity
                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3741023627-0
                                                                                                • Opcode ID: 8dc312a568e26589ad340c600323c2c721328226be14a6896d2e65d2e3ede325
                                                                                                • Instruction ID: 94f064bf20d57cd84dbe56dd4fe74131183078f58a00d93291ad1d113fa32b6b
                                                                                                • Opcode Fuzzy Hash: 8dc312a568e26589ad340c600323c2c721328226be14a6896d2e65d2e3ede325
                                                                                                • Instruction Fuzzy Hash: 93018B31510B04DBEB315B10EE8EFA577B8BB00B45F04066AB543725E1DBF559448A54
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 003A22BE
                                                                                                  • Part of subcall function 003A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000), ref: 003A29DE
                                                                                                  • Part of subcall function 003A29C8: GetLastError.KERNEL32(00000000,?,003AD7D1,00000000,00000000,00000000,00000000,?,003AD7F8,00000000,00000007,00000000,?,003ADBF5,00000000,00000000), ref: 003A29F0
                                                                                                • _free.LIBCMT ref: 003A22D0
                                                                                                • _free.LIBCMT ref: 003A22E3
                                                                                                • _free.LIBCMT ref: 003A22F4
                                                                                                • _free.LIBCMT ref: 003A2305
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: 6808fb2101d916ec09f4aa115376e40f69f90f7bf0c4e22b06c5e74e6e01280d
                                                                                                • Instruction ID: 3823d90bad98d4faf191204b62edee8f5dc62da6d3d53e95c306c1a778831e15
                                                                                                • Opcode Fuzzy Hash: 6808fb2101d916ec09f4aa115376e40f69f90f7bf0c4e22b06c5e74e6e01280d
                                                                                                • Instruction Fuzzy Hash: 8CF03A788002208FD757BF68BC4580A3B64F71BB62B01157AF510EA2B1C7710961ABED
                                                                                                APIs
                                                                                                • EndPath.GDI32(?), ref: 003895D4
                                                                                                • StrokeAndFillPath.GDI32(?,?,003C71F7,00000000,?,?,?), ref: 003895F0
                                                                                                • SelectObject.GDI32(?,00000000), ref: 00389603
                                                                                                • DeleteObject.GDI32 ref: 00389616
                                                                                                • StrokePath.GDI32(?), ref: 00389631
                                                                                                Similarity
                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                • String ID:
                                                                                                • API String ID: 2625713937-0
                                                                                                • Opcode ID: acd091f5d9e9142926301e1d7bdf372338629c2a9fdf27c2b1d4909b48df97da
                                                                                                • Instruction ID: 5e30c8e316e04e0c3baa6762eb0a8447d703b701e2ff3a8da7d7400cdd20fb84
                                                                                                • Opcode Fuzzy Hash: acd091f5d9e9142926301e1d7bdf372338629c2a9fdf27c2b1d4909b48df97da
                                                                                                • Instruction Fuzzy Hash: 70F0EC79006304EBDB166FA5EE5C7743B65AB02332F088375F469690F0D7348995DF68
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: __freea$_free
                                                                                                • String ID: a/p$am/pm
                                                                                                • API String ID: 3432400110-3206640213
                                                                                                • Opcode ID: 351760100788abfddbd9dbad7dd030f4dde1e3a91ebb2629da00f2a84d3fdba7
                                                                                                • Instruction ID: 9eb2e3ba801063e28eef91ce923d5839d4c5513744d793ced561fe986ed48adf
                                                                                                • Opcode Fuzzy Hash: 351760100788abfddbd9dbad7dd030f4dde1e3a91ebb2629da00f2a84d3fdba7
                                                                                                • Instruction Fuzzy Hash: 79D1F339900206DADF2BDF68C855BFEB7B5EF07310F294159E901ABA90D3759D80CB91
                                                                                                APIs
                                                                                                  • Part of subcall function 00390242: EnterCriticalSection.KERNEL32(0044070C,00441884,?,?,0038198B,00442518,?,?,?,003712F9,00000000), ref: 0039024D
                                                                                                  • Part of subcall function 00390242: LeaveCriticalSection.KERNEL32(0044070C,?,0038198B,00442518,?,?,?,003712F9,00000000), ref: 0039028A
                                                                                                  • Part of subcall function 003900A3: __onexit.LIBCMT ref: 003900A9
                                                                                                • __Init_thread_footer.LIBCMT ref: 003F6238
                                                                                                  • Part of subcall function 003901F8: EnterCriticalSection.KERNEL32(0044070C,?,?,00388747,00442514), ref: 00390202
                                                                                                  • Part of subcall function 003901F8: LeaveCriticalSection.KERNEL32(0044070C,?,00388747,00442514), ref: 00390235
                                                                                                  • Part of subcall function 003E359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 003E35E4
                                                                                                  • Part of subcall function 003E359C: LoadStringW.USER32(00442390,?,00000FFF,?), ref: 003E360A
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                • String ID: x#D$x#D$x#D
                                                                                                • API String ID: 1072379062-1009279002
                                                                                                • Opcode ID: 11efc3df180477c49403a318d301536ea0df3c5f31fac051a4e970875594eb1f
                                                                                                • Instruction ID: 345498840c0220eaffb46840de6cb181ff87ca8626f2bb7f1c38c07603771738
                                                                                                • Opcode Fuzzy Hash: 11efc3df180477c49403a318d301536ea0df3c5f31fac051a4e970875594eb1f
                                                                                                • Instruction Fuzzy Hash: F3C1A371A00109AFDB16DF58C891EBEB7B9FF49300F11806AFA15AB291D774ED44CB90
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: JO7
                                                                                                • API String ID: 0-1292904385
                                                                                                • Opcode ID: ce54922bd0f50b8d688a0cfaea5c6c654d04b73b91e2d941105f074cdcc4710a
                                                                                                • Instruction ID: 516dbfb2adcb02a49d58dedd9d69beb915c14ba14396dcf6fee32fe9a0b938dc
                                                                                                • Opcode Fuzzy Hash: ce54922bd0f50b8d688a0cfaea5c6c654d04b73b91e2d941105f074cdcc4710a
                                                                                                • Instruction Fuzzy Hash: 1551B075D00609AFDF129FA8C845FAEBBB8EF17320F150069F505AB292D7759A01CB61
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 003A8B6E
                                                                                                • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 003A8B7A
                                                                                                • __dosmaperr.LIBCMT ref: 003A8B81
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                • String ID: .9
                                                                                                • API String ID: 2434981716-4137932486
                                                                                                APIs
                                                                                                  • Part of subcall function 003DB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003D21D0,?,?,00000034,00000800,?,00000034), ref: 003DB42D
                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 003D2760
                                                                                                  • Part of subcall function 003DB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003D21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 003DB3F8
                                                                                                  • Part of subcall function 003DB32A: GetWindowThreadProcessId.USER32(?,?), ref: 003DB355
                                                                                                  • Part of subcall function 003DB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,003D2194,00000034,?,?,00001004,00000000,00000000), ref: 003DB365
                                                                                                  • Part of subcall function 003DB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,003D2194,00000034,?,?,00001004,00000000,00000000), ref: 003DB37B
                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003D27CD
                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003D281A
                                                                                                Similarity
                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                • String ID: @
                                                                                                • API String ID: 4150878124-2766056989
                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 003A1769
                                                                                                • _free.LIBCMT ref: 003A1834
                                                                                                • _free.LIBCMT ref: 003A183E
                                                                                                Similarity
                                                                                                • API ID: _free$FileModuleName
                                                                                                • String ID: C:\Users\user\Desktop\file.exe
                                                                                                • API String ID: 2506810119-1957095476
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 003DC306
                                                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 003DC34C
                                                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00441990,00DC5968), ref: 003DC395
                                                                                                Similarity
                                                                                                • API ID: Menu$Delete$InfoItem
                                                                                                • String ID: 0
                                                                                                • API String ID: 135850232-4108050209
                                                                                                APIs
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0040CC08,00000000,?,?,?,?), ref: 004044AA
                                                                                                • GetWindowLongW.USER32 ref: 004044C7
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004044D7
                                                                                                Similarity
                                                                                                • API ID: Window$Long
                                                                                                • String ID: SysTreeView32
                                                                                                • API String ID: 847901565-1698111956
                                                                                                APIs
                                                                                                • SysReAllocString.OLEAUT32(?,?), ref: 003D6EED
                                                                                                • VariantCopyInd.OLEAUT32(?,?), ref: 003D6F08
                                                                                                • VariantClear.OLEAUT32(?), ref: 003D6F12
                                                                                                Similarity
                                                                                                • API ID: Variant$AllocClearCopyString
                                                                                                • String ID: *j=
                                                                                                • API String ID: 2173805711-232903960
                                                                                                APIs
                                                                                                  • Part of subcall function 003F335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,003F3077,?,?), ref: 003F3378
                                                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003F307A
                                                                                                • _wcslen.LIBCMT ref: 003F309B
                                                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 003F3106
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                • String ID: 255.255.255.255
                                                                                                • API String ID: 946324512-2422070025
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00403F40
                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00403F54
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00403F78
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window
                                                                                                • String ID: SysMonthCal32
                                                                                                • API String ID: 2326795674-1439706946
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00404705
                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00404713
                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0040471A
                                                                                                Similarity
                                                                                                • API ID: MessageSend$DestroyWindow
                                                                                                • String ID: msctls_updown32
                                                                                                • API String ID: 4014797782-2298589950
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                • API String ID: 176396367-2734436370
                                                                                                • Opcode ID: 100f88c506bb5c1aae0e09951d5c3aeee134d16b8aef77581f936843fb93c7a2
                                                                                                • Instruction ID: 02b67e36068dfcfccfdd735f37424306cea44cd5f9aa4ebafa34439b9b40cc97
                                                                                                • Opcode Fuzzy Hash: 100f88c506bb5c1aae0e09951d5c3aeee134d16b8aef77581f936843fb93c7a2
                                                                                                • Instruction Fuzzy Hash: B121233320421166C733BB24B802FBB73A99F92320F114037F9499B681EB69ED95C395
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00403840
                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00403850
                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00403876
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                • String ID: Listbox
                                                                                                • API String ID: 3315199576-2633736733
                                                                                                • Opcode ID: 7b9b87110418420e3d379c20203eaeb4582c31ee0100facaf942723cb8cd8058
                                                                                                • Instruction ID: f57100482d03c2e7f9a15da7c5163c4e28fda9d04e98e3ee982bcef29d150c39
                                                                                                • Opcode Fuzzy Hash: 7b9b87110418420e3d379c20203eaeb4582c31ee0100facaf942723cb8cd8058
                                                                                                • Instruction Fuzzy Hash: 4521C272610118BBEF219F54CC81FBB3BAEEF89751F108125F944AB2D0CA75DC5287A4
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 003E4A08
                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 003E4A5C
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,0040CC08), ref: 003E4AD0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                • String ID: %lu
                                                                                                • API String ID: 2507767853-685833217
                                                                                                • Opcode ID: d3e4faaeedd195787943678235fa94b617a8e9550dcd6dd17fd146bc84ea0892
                                                                                                • Instruction ID: 54d809b5002dfdc73699a98104b12b705fdf6c965944bb1fb2b14b2024149e52
                                                                                                • Opcode Fuzzy Hash: d3e4faaeedd195787943678235fa94b617a8e9550dcd6dd17fd146bc84ea0892
                                                                                                • Instruction Fuzzy Hash: 11318F71A00109AFDB11DF64C985EAA7BF8EF08318F1481A9F809EF292D775ED45CB61
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0040424F
                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00404264
                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00404271
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: msctls_trackbar32
                                                                                                • API String ID: 3850602802-1010561917
                                                                                                • Opcode ID: 8b28665a626d3dabfd97d30f2c33d07d2e1dd01cf6fa4136f096a99fada32cd6
                                                                                                • Instruction ID: 4ea6c67294a1928bbf0c2526274a298186d5cf238ee83d70e397d117dcef877a
                                                                                                • Opcode Fuzzy Hash: 8b28665a626d3dabfd97d30f2c33d07d2e1dd01cf6fa4136f096a99fada32cd6
                                                                                                • Instruction Fuzzy Hash: 1111C171240208BEEF205F29CC06FAB3BACEF85B64F110529FA55E61E0D675D8619B28
                                                                                                APIs
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                  • Part of subcall function 003D2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003D2DC5
                                                                                                  • Part of subcall function 003D2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 003D2DD6
                                                                                                  • Part of subcall function 003D2DA7: GetCurrentThreadId.KERNEL32 ref: 003D2DDD
                                                                                                  • Part of subcall function 003D2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 003D2DE4
                                                                                                • GetFocus.USER32 ref: 003D2F78
                                                                                                  • Part of subcall function 003D2DEE: GetParent.USER32(00000000), ref: 003D2DF9
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 003D2FC3
                                                                                                • EnumChildWindows.USER32(?,003D303B), ref: 003D2FEB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                • String ID: %s%d
                                                                                                • API String ID: 1272988791-1110647743
                                                                                                • Opcode ID: c4b04755db2acc3870cbe242124f9a43b41ab47a55a7729693d697981cc7dc37
                                                                                                • Instruction ID: 9e69f44e9cee7858dcd56e59c6d512e31f7feb289b4234482919e1dfa1421946
                                                                                                • Opcode Fuzzy Hash: c4b04755db2acc3870cbe242124f9a43b41ab47a55a7729693d697981cc7dc37
                                                                                                • Instruction Fuzzy Hash: 5D11D872600205ABCF127F749CD5EEE376AAF94304F044076FD199B292DE355E098B61
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 004058C1
                                                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 004058EE
                                                                                                • DrawMenuBar.USER32(?), ref: 004058FD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                • String ID: 0
                                                                                                • API String ID: 3227129158-4108050209
                                                                                                • Opcode ID: 819057381d8dcee5b7dcd5f9be938407138724406ff49e1e237c344ea4f3d2c4
                                                                                                • Instruction ID: 3446217cd5c052ce4fae164a53db0fd7091914e7c4c8b32f7ba8f90b52bcbb93
                                                                                                • Opcode Fuzzy Hash: 819057381d8dcee5b7dcd5f9be938407138724406ff49e1e237c344ea4f3d2c4
                                                                                                • Instruction Fuzzy Hash: A201C071500218EFDB21AF11DC44BAFBBB4FF45361F0080AAE848EA291DB349A90DF25
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 003CD3BF
                                                                                                • FreeLibrary.KERNEL32 ref: 003CD3E5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                                                • API String ID: 3013587201-2590602151
                                                                                                • Opcode ID: e423cf4a523a6d9a69e4c3f48e2eda7d515aee91d0181bfa93110ee44daa824e
                                                                                                • Instruction ID: 91820bf012b7c088af7f18c5c04227aafb1263961b2a435e040ec8c5bd438e17
                                                                                                • Opcode Fuzzy Hash: e423cf4a523a6d9a69e4c3f48e2eda7d515aee91d0181bfa93110ee44daa824e
                                                                                                • Instruction Fuzzy Hash: DAF02075901A21CAD33313104CA4F6A7318AF50701F668A7EB803F5088D738CD808B8A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8dd2b06276a89ad2b2a478a35c3394ff71725447ff2eee41123de0c422f4abbe
                                                                                                • Instruction ID: 70a4edd32aff6340eb718d8d26f7236efe2b9021975ed2c233ff461a8d21ac26
                                                                                                • Opcode Fuzzy Hash: 8dd2b06276a89ad2b2a478a35c3394ff71725447ff2eee41123de0c422f4abbe
                                                                                                • Instruction Fuzzy Hash: 3EC14876A00206EFCB19CFA4D894BAEB7B5FF48B04F118599E505EB251D731EE41CB90
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                • String ID:
                                                                                                • API String ID: 1998397398-0
                                                                                                • Opcode ID: a30e4dacde29ec917a3484465c4eb78640a9e5cfe556ed7c8a55f678bd6965a3
                                                                                                • Instruction ID: aec02535cc21711c1734331fb01b77ea6143af35aecb5c0fdf1cfe2ae201432c
                                                                                                • Opcode Fuzzy Hash: a30e4dacde29ec917a3484465c4eb78640a9e5cfe556ed7c8a55f678bd6965a3
                                                                                                • Instruction Fuzzy Hash: 0BA15A752043049FC712EF24C485A2AB7E5FF89724F148859F98A9F362DB34EE05CB51
                                                                                                APIs
                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0040FC08,?), ref: 003D05F0
                                                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0040FC08,?), ref: 003D0608
                                                                                                • CLSIDFromProgID.OLE32(?,?,00000000,0040CC40,000000FF,?,00000000,00000800,00000000,?,0040FC08,?), ref: 003D062D
                                                                                                • _memcmp.LIBVCRUNTIME ref: 003D064E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FromProg$FreeTask_memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 314563124-0
                                                                                                APIs
                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 003FA6AC
                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 003FA6BA
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 003FA79C
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003FA7AB
                                                                                                  • Part of subcall function 0038CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,003B3303,?), ref: 0038CE8A
                                                                                                Similarity
                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 1991900642-0
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 004062E2
                                                                                                • ScreenToClient.USER32(?,?), ref: 00406315
                                                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00406382
                                                                                                Similarity
                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                • String ID:
                                                                                                • API String ID: 3880355969-0
                                                                                                APIs
                                                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 003F1AFD
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F1B0B
                                                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 003F1B8A
                                                                                                • WSAGetLastError.WSOCK32 ref: 003F1B94
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$socket
                                                                                                • String ID:
                                                                                                • API String ID: 1881357543-0
                                                                                                APIs
                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 003E5783
                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 003E57A9
                                                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 003E57CE
                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 003E57FA
                                                                                                Similarity
                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                • String ID:
                                                                                                • API String ID: 3321077145-0
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,00396D71,00000000,00000000,003982D9,?,003982D9,?,00000001,00396D71,?,00000001,003982D9,003982D9), ref: 003AD910
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003AD999
                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 003AD9AB
                                                                                                • __freea.LIBCMT ref: 003AD9B4
                                                                                                  • Part of subcall function 003A3820: RtlAllocateHeap.NTDLL(00000000,?,00441444,?,0038FDF5,?,?,0037A976,00000010,00441440,003713FC,?,003713C6,?,00371129), ref: 003A3852
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                • String ID:
                                                                                                • API String ID: 2652629310-0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405352
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00405375
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405382
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 004053A8
                                                                                                Similarity
                                                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                • String ID:
                                                                                                • API String ID: 3340791633-0
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 003DABF1
                                                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 003DAC0D
                                                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 003DAC74
                                                                                                • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 003DACC6
                                                                                                Similarity
                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                • String ID:
                                                                                                • API String ID: 432972143-0
                                                                                                • Opcode ID: 28ecd1f2541504db5b777c4dddafba9d3a94698062a3e0cd49974bebd3daa4aa
                                                                                                • Instruction ID: 55e37060ad6dd607b48ef2542e8b9750a5bab41a3cd29e82866c02b3be7ed8d4
                                                                                                • Opcode Fuzzy Hash: 28ecd1f2541504db5b777c4dddafba9d3a94698062a3e0cd49974bebd3daa4aa
                                                                                                • Instruction Fuzzy Hash: 63312872A24A18AFEF36CB64AD047FA7BA5AB85330F04471BE481D73D0C37589858792
                                                                                                APIs
                                                                                                • ClientToScreen.USER32(?,?), ref: 0040769A
                                                                                                • GetWindowRect.USER32(?,?), ref: 00407710
                                                                                                • PtInRect.USER32(?,?,00408B89), ref: 00407720
                                                                                                • MessageBeep.USER32(00000000), ref: 0040778C
                                                                                                Similarity
                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1352109105-0
                                                                                                • Opcode ID: 4f1c448effee9258bd9d60a8eafa0fba12754be6abe1cc1ebd6b8c0df8a46f2b
                                                                                                • Instruction ID: e95cdfee989b3f10d94f70fa97d84ababe46cfb985c253f51d19e32c56e23173
                                                                                                • Opcode Fuzzy Hash: 4f1c448effee9258bd9d60a8eafa0fba12754be6abe1cc1ebd6b8c0df8a46f2b
                                                                                                • Instruction Fuzzy Hash: 2141B038A05214DFCB01DF58C894EA977F0FB49354F1441BAE814AB3A1C739B941CF95
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32 ref: 004016EB
                                                                                                  • Part of subcall function 003D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003D3A57
                                                                                                  • Part of subcall function 003D3A3D: GetCurrentThreadId.KERNEL32 ref: 003D3A5E
                                                                                                  • Part of subcall function 003D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003D25B3), ref: 003D3A65
                                                                                                • GetCaretPos.USER32(?), ref: 004016FF
                                                                                                • ClientToScreen.USER32(00000000,?), ref: 0040174C
                                                                                                • GetForegroundWindow.USER32 ref: 00401752
                                                                                                Similarity
                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                • String ID:
                                                                                                • API String ID: 2759813231-0
                                                                                                • Opcode ID: 6847cf094a1f7a631cf97768621d9298745b2e33482693380ddd75f0b7d62c97
                                                                                                • Instruction ID: 8a37b63593b98e32b43c6e6944cd8a97f9019bb39678d9efcaff48779cc40b37
                                                                                                • Opcode Fuzzy Hash: 6847cf094a1f7a631cf97768621d9298745b2e33482693380ddd75f0b7d62c97
                                                                                                • Instruction Fuzzy Hash: 25314F75D00149AFC711EFA9C8C1CAEBBF9EF48304B5080AAE415EB251E7359E45CBA1
                                                                                                APIs
                                                                                                  • Part of subcall function 00377620: _wcslen.LIBCMT ref: 00377625
                                                                                                • _wcslen.LIBCMT ref: 003DDFCB
                                                                                                • _wcslen.LIBCMT ref: 003DDFE2
                                                                                                • _wcslen.LIBCMT ref: 003DE00D
                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 003DE018
                                                                                                Similarity
                                                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                                                • String ID:
                                                                                                • API String ID: 3763101759-0
                                                                                                • Opcode ID: 8a66b4c0497a0770feb90bdd980ee37073a069706aa3d22e299a7c9b2ef31c18
                                                                                                • Instruction ID: 3e425332f93ee8e934ee71d372d90dc12c1817c2aba112abc5c7e749a62b8115
                                                                                                • Opcode Fuzzy Hash: 8a66b4c0497a0770feb90bdd980ee37073a069706aa3d22e299a7c9b2ef31c18
                                                                                                • Instruction Fuzzy Hash: EF219172900214AFCB22EFA8D982BAEBBF8EF45750F154065E805BF345D6749E41CBA1
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                • GetCursorPos.USER32(?), ref: 00409001
                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,003C7711,?,?,?,?,?), ref: 00409016
                                                                                                • GetCursorPos.USER32(?), ref: 0040905E
                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,003C7711,?,?,?), ref: 00409094
                                                                                                Similarity
                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2864067406-0
                                                                                                • Opcode ID: 1c195a3700be5e665a47844bfece78641caaa69c6941a44c5c43c059dd434bd3
                                                                                                • Instruction ID: e67da235173500ba7486da621d8e9a2964b90b1a9f9bc05fb50ddfbf374c5aa7
                                                                                                • Opcode Fuzzy Hash: 1c195a3700be5e665a47844bfece78641caaa69c6941a44c5c43c059dd434bd3
                                                                                                • Instruction Fuzzy Hash: 80219C35600018EFDB268F94CC98EEB7BB9EB8A350F044166F9456B2A2C3359D90DB64
                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNEL32(?,0040CB68), ref: 003DD2FB
                                                                                                • GetLastError.KERNEL32 ref: 003DD30A
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 003DD319
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0040CB68), ref: 003DD376
                                                                                                Similarity
                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                • String ID:
                                                                                                • API String ID: 2267087916-0
                                                                                                • Opcode ID: b64824aa7ec80252d7c5911b6c6fe4c4edd74b1470543db255b6f369d499a64e
                                                                                                • Instruction ID: 8f1607e508b986d19474a230c8af854d697a5a2b751a32fea13d42665307c364
                                                                                                • Opcode Fuzzy Hash: b64824aa7ec80252d7c5911b6c6fe4c4edd74b1470543db255b6f369d499a64e
                                                                                                • Instruction Fuzzy Hash: CC219F75508201DFC311DF28E88196A77E8AE56324F104B6EF499D73E1D731D945CB93
                                                                                                APIs
                                                                                                  • Part of subcall function 003D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003D102A
                                                                                                  • Part of subcall function 003D1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003D1036
                                                                                                  • Part of subcall function 003D1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003D1045
                                                                                                  • Part of subcall function 003D1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003D104C
                                                                                                  • Part of subcall function 003D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003D1062
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 003D15BE
                                                                                                • _memcmp.LIBVCRUNTIME ref: 003D15E1
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003D1617
                                                                                                • HeapFree.KERNEL32(00000000), ref: 003D161E
                                                                                                Similarity
                                                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 1592001646-0
                                                                                                • Opcode ID: 0e638a9559f547134259545263fb8117005c942c34681e21b1eb33794f133fb1
                                                                                                • Instruction ID: 7416fa23d7db843bd44ea4f273fbd52d8e9b2f6b4f01050bb796c84fb70c1d8a
                                                                                                • Opcode Fuzzy Hash: 0e638a9559f547134259545263fb8117005c942c34681e21b1eb33794f133fb1
                                                                                                • Instruction Fuzzy Hash: 2C21AC32E00108FFDF01DFA4E944BEEB7B8EF40344F09445AE841AB241E734AA48CBA0
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0040280A
                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00402824
                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00402832
                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00402840
                                                                                                Similarity
                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                • String ID:
                                                                                                • API String ID: 2169480361-0
                                                                                                • Opcode ID: 0a56572f45eba3f7ad0a19281c6abca1c9a6b19b4cc1cfb032e0e3880912e499
                                                                                                • Instruction ID: d4444f61135fdcdcf536200523251423800f17eec1c8142fabaaedb633d4727e
                                                                                                • Opcode Fuzzy Hash: 0a56572f45eba3f7ad0a19281c6abca1c9a6b19b4cc1cfb032e0e3880912e499
                                                                                                • Instruction Fuzzy Hash: 02210635204510AFD7149B24CD88F6AB7A5AF46324F14826AF4169B6D2CBB9FC42CB94
                                                                                                APIs
                                                                                                  • Part of subcall function 003D8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,003D790A,?,000000FF,?,003D8754,00000000,?,0000001C,?,?), ref: 003D8D8C
                                                                                                  • Part of subcall function 003D8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 003D8DB2
                                                                                                  • Part of subcall function 003D8D7D: lstrcmpiW.KERNEL32(00000000,?,003D790A,?,000000FF,?,003D8754,00000000,?,0000001C,?,?), ref: 003D8DE3
                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,003D8754,00000000,?,0000001C,?,?,00000000), ref: 003D7923
                                                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 003D7949
                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,003D8754,00000000,?,0000001C,?,?,00000000), ref: 003D7984
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                • String ID: cdecl
                                                                                                • API String ID: 4031866154-3896280584
                                                                                                • Opcode ID: 3005f361c995bda909678bcfa249fa480b1a4430bd3feb50ba92dea7524a07a0
                                                                                                • Instruction ID: 4e500ab4395c3900cea2abb8eab0d2b935bea3ec0a9502acbfb06d327cc3c31f
                                                                                                • Opcode Fuzzy Hash: 3005f361c995bda909678bcfa249fa480b1a4430bd3feb50ba92dea7524a07a0
                                                                                                • Instruction Fuzzy Hash: B111B43B200302ABCB16AF34E855D7A77A9FF85350B50402BE946CB3A4FB319811C765
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00407D0B
                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00407D2A
                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00407D42
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,003EB7AD,00000000), ref: 00407D6B
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long
                                                                                                • String ID:
                                                                                                • API String ID: 847901565-0
                                                                                                • Opcode ID: 279f278070b51376ec31736a893c2efa5863512360021d74349532643a6797ae
                                                                                                • Instruction ID: c7bd105eba2e9db17dec4f309e929c85c82113a289167b90d24f6851382e8757
                                                                                                • Opcode Fuzzy Hash: 279f278070b51376ec31736a893c2efa5863512360021d74349532643a6797ae
                                                                                                • Instruction Fuzzy Hash: E311D235A05614AFDB109F28CC04E663BA4AF46360B254735F835E72F0E734E951CB58
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 004056BB
                                                                                                • _wcslen.LIBCMT ref: 004056CD
                                                                                                • _wcslen.LIBCMT ref: 004056D8
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00405816
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 455545452-0
                                                                                                • Opcode ID: 2f570ac0221d3396aa1eacb79db4d5dc7bafc2abc2d812b27dc551994fe60803
                                                                                                • Instruction ID: 6f0c3cd85845ba989dbd150f2c1abcd6329070a6c1938999055a29ff7ed47768
                                                                                                • Opcode Fuzzy Hash: 2f570ac0221d3396aa1eacb79db4d5dc7bafc2abc2d812b27dc551994fe60803
                                                                                                • Instruction Fuzzy Hash: 6A11DF75A00608A6DF20EB61CC85AEF37ACEF00360B104437F905A61C1EB788A85CF69
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 17363bdaff99cf03885f12c4fd398e2d8a9c61eb70b8023598e149339a33bbf4
                                                                                                • Instruction ID: 1bb386900909b2400ac058fda6b7acef9296659fa2b228a64c32e3c0453b9f1f
                                                                                                • Opcode Fuzzy Hash: 17363bdaff99cf03885f12c4fd398e2d8a9c61eb70b8023598e149339a33bbf4
                                                                                                • Instruction Fuzzy Hash: 6501ADB3209A167EF66226786CC0F37761CDF837B8F310329F521A51D2DB708C004164
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 003D1A47
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003D1A59
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003D1A6F
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003D1A8A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: d4b58147be752bd7596c6278f0bd53d16ab03dcdeaadde065cd3a0eb6b42268e
                                                                                                • Instruction ID: 7ee34051d9f25b7b5d4b5fcf29124fa19cc497be21c0666ea474700358025f65
                                                                                                • Opcode Fuzzy Hash: d4b58147be752bd7596c6278f0bd53d16ab03dcdeaadde065cd3a0eb6b42268e
                                                                                                • Instruction Fuzzy Hash: 3C113C7AD01219FFEB11DBA4DD85FADBB78EB04750F210092E600B7290D671AE50DB94
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 003DE1FD
                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 003DE230
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 003DE246
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 003DE24D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                • String ID:
                                                                                                • API String ID: 2880819207-0
                                                                                                • Opcode ID: f3e8ced0fa635e5b29a242c8ae24333878e8ea13fdc48cf99b88bfc7d1417a75
                                                                                                • Instruction ID: ae988cbf814264dd2e6599d8f508712a5dffee3f5d6ed88188b0b30178f7eb97
                                                                                                • Opcode Fuzzy Hash: f3e8ced0fa635e5b29a242c8ae24333878e8ea13fdc48cf99b88bfc7d1417a75
                                                                                                • Instruction Fuzzy Hash: 3C110876904214BBD702AFA8EC45A9F7FAC9B45310F00472AF924E7390D270DE0487A4
                                                                                                APIs
                                                                                                • CreateThread.KERNEL32(00000000,?,0039CFF9,00000000,00000004,00000000), ref: 0039D218
                                                                                                • GetLastError.KERNEL32 ref: 0039D224
                                                                                                • __dosmaperr.LIBCMT ref: 0039D22B
                                                                                                • ResumeThread.KERNEL32(00000000), ref: 0039D249
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                • String ID:
                                                                                                • API String ID: 173952441-0
                                                                                                • Opcode ID: 364334752f3793f78fa67e507f23205966e22d41724897fa104abd3ba434f8e8
                                                                                                • Instruction ID: c22bac48676e12c0acbdd9f825087ac7b4a81b330d049dc4aa25baeb7fb6b30f
                                                                                                • Opcode Fuzzy Hash: 364334752f3793f78fa67e507f23205966e22d41724897fa104abd3ba434f8e8
                                                                                                • Instruction Fuzzy Hash: 8C01F536805208BBDF135BA5DC0ABAF7A6DDF81730F210729F9259A1D0CB71C901C7A0
                                                                                                APIs
                                                                                                  • Part of subcall function 00389BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00389BB2
                                                                                                • GetClientRect.USER32(?,?), ref: 00409F31
                                                                                                • GetCursorPos.USER32(?), ref: 00409F3B
                                                                                                • ScreenToClient.USER32(?,?), ref: 00409F46
                                                                                                • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00409F7A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                • String ID:
                                                                                                • API String ID: 4127811313-0
                                                                                                • Opcode ID: 9eb58ac7a333ca0bcaf7f6767713da7d3a7767e25546937979cf9d198cc1ff36
                                                                                                • Instruction ID: ce7443d4789e3fb0a68ee43b1d6ff0aec5acdeb4527d1600a2af759323b9142a
                                                                                                • Opcode Fuzzy Hash: 9eb58ac7a333ca0bcaf7f6767713da7d3a7767e25546937979cf9d198cc1ff36
                                                                                                • Instruction Fuzzy Hash: 0311363690011AEBDB10EF69D8899EE77B8EB45311F000566F901F3191D738BE81CBA9
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0037604C
                                                                                                • GetStockObject.GDI32(00000011), ref: 00376060
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 0037606A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3970641297-0
                                                                                                • Opcode ID: 474a5697a8304ff00c610a4c072b8647a00d40b492c5948fba18c544ff06eff5
                                                                                                • Instruction ID: 86947eb8f7cdd346bf0f2273489926bb8f2132cb39b7c025be7cb114edb46763
                                                                                                • Opcode Fuzzy Hash: 474a5697a8304ff00c610a4c072b8647a00d40b492c5948fba18c544ff06eff5
                                                                                                • Instruction Fuzzy Hash: 0F118B72105909BFEF224FA48C95AEABB6DEF083A4F014215FA0852020C7369C60EFA0
                                                                                                APIs
                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00393B56
                                                                                                  • Part of subcall function 00393AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00393AD2
                                                                                                  • Part of subcall function 00393AA3: ___AdjustPointer.LIBCMT ref: 00393AED
                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00393B6B
                                                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00393B7C
                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00393BA4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                • String ID:
                                                                                                • API String ID: 737400349-0
                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,003713C6,00000000,00000000,?,003A301A,003713C6,00000000,00000000,00000000,?,003A328B,00000006,FlsSetValue), ref: 003A30A5
                                                                                                • GetLastError.KERNEL32(?,003A301A,003713C6,00000000,00000000,00000000,?,003A328B,00000006,FlsSetValue,00412290,FlsSetValue,00000000,00000364,?,003A2E46), ref: 003A30B1
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,003A301A,003713C6,00000000,00000000,00000000,?,003A328B,00000006,FlsSetValue,00412290,FlsSetValue,00000000), ref: 003A30BF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 3177248105-0
                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 003D747F
                                                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 003D7497
                                                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 003D74AC
                                                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 003D74CA
                                                                                                Similarity
                                                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                • String ID:
                                                                                                • API String ID: 1352324309-0
                                                                                                APIs
                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,003DACD3,?,00008000), ref: 003DB0C4
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,003DACD3,?,00008000), ref: 003DB0E9
                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,003DACD3,?,00008000), ref: 003DB0F3
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,003DACD3,?,00008000), ref: 003DB126
                                                                                                Similarity
                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                • String ID:
                                                                                                • API String ID: 2875609808-0
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 00407E33
                                                                                                • ScreenToClient.USER32(?,?), ref: 00407E4B
                                                                                                • ScreenToClient.USER32(?,?), ref: 00407E6F
                                                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E8A
                                                                                                Similarity
                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                • String ID:
                                                                                                • API String ID: 357397906-0
                                                                                                APIs
                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003D2DC5
                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 003D2DD6
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 003D2DDD
                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 003D2DE4
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2710830443-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00389639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00389693
                                                                                                  • Part of subcall function 00389639: SelectObject.GDI32(?,00000000), ref: 003896A2
                                                                                                  • Part of subcall function 00389639: BeginPath.GDI32(?), ref: 003896B9
                                                                                                  • Part of subcall function 00389639: SelectObject.GDI32(?,00000000), ref: 003896E2
                                                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00408887
                                                                                                • LineTo.GDI32(?,?,?), ref: 00408894
                                                                                                • EndPath.GDI32(?), ref: 004088A4
                                                                                                • StrokePath.GDI32(?), ref: 004088B2
                                                                                                Similarity
                                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                • String ID:
                                                                                                • API String ID: 1539411459-0
                                                                                                APIs
                                                                                                • GetSysColor.USER32(00000008), ref: 003898CC
                                                                                                • SetTextColor.GDI32(?,?), ref: 003898D6
                                                                                                • SetBkMode.GDI32(?,00000001), ref: 003898E9
                                                                                                • GetStockObject.GDI32(00000005), ref: 003898F1
                                                                                                Similarity
                                                                                                • API ID: Color$ModeObjectStockText
                                                                                                • String ID:
                                                                                                • API String ID: 4037423528-0
                                                                                                APIs
                                                                                                • GetCurrentThread.KERNEL32 ref: 003D1634
                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,003D11D9), ref: 003D163B
                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,003D11D9), ref: 003D1648
                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,003D11D9), ref: 003D164F
                                                                                                Similarity
                                                                                                • API ID: CurrentOpenProcessThreadToken
                                                                                                • String ID:
                                                                                                • API String ID: 3974789173-0
                                                                                                APIs
                                                                                                • GetDesktopWindow.USER32 ref: 003CD858
                                                                                                • GetDC.USER32(00000000), ref: 003CD862
                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 003CD882
                                                                                                • ReleaseDC.USER32(?), ref: 003CD8A3
                                                                                                Similarity
                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2889604237-0
                                                                                                APIs
                                                                                                • GetDesktopWindow.USER32 ref: 003CD86C
                                                                                                • GetDC.USER32(00000000), ref: 003CD876
                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 003CD882
                                                                                                • ReleaseDC.USER32(?), ref: 003CD8A3
                                                                                                Similarity
                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2889604237-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00377620: _wcslen.LIBCMT ref: 00377625
                                                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 003E4ED4
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Connection_wcslen
                                                                                                • String ID: *$LPT
                                                                                                • API String ID: 1725874428-3443410124
                                                                                                APIs
                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 0039E30D
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ErrorHandling__start
                                                                                                • String ID: pow
                                                                                                • API String ID: 3213639722-2276729525
                                                                                                APIs
                                                                                                • CharUpperBuffW.USER32(003C569E,00000000,?,0040CC08,?,00000000,00000000), ref: 003F78DD
                                                                                                  • Part of subcall function 00376B57: _wcslen.LIBCMT ref: 00376B6A
                                                                                                • CharUpperBuffW.USER32(003C569E,00000000,?,0040CC08,00000000,?,00000000,00000000), ref: 003F783B
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: BuffCharUpper$_wcslen
                                                                                                • String ID: <sC
                                                                                                • API String ID: 3544283678-972554233
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: #
                                                                                                • API String ID: 0-1885708031
                                                                                                APIs
                                                                                                • Sleep.KERNEL32(00000000), ref: 0038F2A2
                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 0038F2BB
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                • String ID: @
                                                                                                • API String ID: 2783356886-2766056989
                                                                                                APIs
                                                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 003F57E0
                                                                                                • _wcslen.LIBCMT ref: 003F57EC
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: BuffCharUpper_wcslen
                                                                                                • String ID: CALLARGARRAY
                                                                                                • API String ID: 157775604-1150593374
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 003ED130
                                                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 003ED13A
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CrackInternet_wcslen
                                                                                                • String ID: |
                                                                                                • API String ID: 596671847-2343686810
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00403621
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0040365C
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$DestroyMove
                                                                                                • String ID: static
                                                                                                • API String ID: 2139405536-2160076837
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0040461F
                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00404634
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: '
                                                                                                • API String ID: 3850602802-1997036262
                                                                                                • Opcode ID: a5baa77e7ddc583a5e809c3f5c4768b7b6e058d3c38e92e54d8a47580679dc2a
                                                                                                • Instruction ID: 4b9a1dca9b26412cbf88e3c337a3dd89499a02deb68cdf234c8267733541f754
                                                                                                • Opcode Fuzzy Hash: a5baa77e7ddc583a5e809c3f5c4768b7b6e058d3c38e92e54d8a47580679dc2a
                                                                                                • Instruction Fuzzy Hash: BB313DB4A01309AFDB14CFA5C980BDA7BB5FF89300F10447AEA04AB391E775A941CF94
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0040327C
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00403287
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: Combobox
                                                                                                • API String ID: 3850602802-2096851135
                                                                                                • Opcode ID: b2ae1c2465a2f43b88dc021fc4e433e8e9f97af36f56937e602f345ca4b23000
                                                                                                • Instruction ID: edaa5f3c3aa831077fe0a969cd538b4b0ba1af553172766865f2185be612a3fa
                                                                                                • Opcode Fuzzy Hash: b2ae1c2465a2f43b88dc021fc4e433e8e9f97af36f56937e602f345ca4b23000
                                                                                                • Instruction Fuzzy Hash: C411B2713002087FEF219F94DC81EBB3B6EEB983A5F10457AF918AB2D0D6399D518764
                                                                                                APIs
                                                                                                  • Part of subcall function 0037600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0037604C
                                                                                                  • Part of subcall function 0037600E: GetStockObject.GDI32(00000011), ref: 00376060
                                                                                                  • Part of subcall function 0037600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0037606A
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0040377A
                                                                                                • GetSysColor.USER32(00000012), ref: 00403794
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                • String ID: static
                                                                                                • API String ID: 1983116058-2160076837
                                                                                                • Opcode ID: 3731b9627e053435bfe936fb5f7bb19ed6154c0bdc6d7d2320f0259b3f9b7b3d
                                                                                                • Instruction ID: 2620eaf5c9f76d8460e8b8c5f2de65ffceacc25b7ad43313c7a7773f22d631ce
                                                                                                • Opcode Fuzzy Hash: 3731b9627e053435bfe936fb5f7bb19ed6154c0bdc6d7d2320f0259b3f9b7b3d
                                                                                                • Instruction Fuzzy Hash: 9A1129B2610209AFDB11DFA8CC46EEA7BB8EB08315F004A25F955E3290D739E8619B54
                                                                                                APIs
                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 003ECD7D
                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 003ECDA6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Internet$OpenOption
                                                                                                • String ID: <local>
                                                                                                • API String ID: 942729171-4266983199
                                                                                                • Opcode ID: 09b1b7203dba9b23f6c54cfc59b9ce8f6ebc115ca25bd257abad674cb2829ef0
                                                                                                • Instruction ID: ecf2ca49f2838c672a8055871e7415412e7547b4f4246d59216568d532b5854a
                                                                                                • Opcode Fuzzy Hash: 09b1b7203dba9b23f6c54cfc59b9ce8f6ebc115ca25bd257abad674cb2829ef0
                                                                                                • Instruction Fuzzy Hash: 0B11A371225672BAD7254B678C85EEBBEACEB127A4F005336B109930C0D6759842D6F0
                                                                                                APIs
                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 004034AB
                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004034BA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                • String ID: edit
                                                                                                • API String ID: 2978978980-2167791130
                                                                                                • Opcode ID: 46c419ba51b0f7bbf17c16607aa2b1666ebb698c1bac3b0804362004de00cf0c
                                                                                                • Instruction ID: 3865e2c556960f7be338165a6936e74303dd8127eae46a7ca59d1d7b5d163567
                                                                                                • Opcode Fuzzy Hash: 46c419ba51b0f7bbf17c16607aa2b1666ebb698c1bac3b0804362004de00cf0c
                                                                                                • Instruction Fuzzy Hash: AC11BF71100108ABEB224F64DC80AAB3B6EEF05379F504735F960AB2E0C779EC519B59
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                • CharUpperBuffW.USER32(?,?,?), ref: 003D6CB6
                                                                                                • _wcslen.LIBCMT ref: 003D6CC2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: STOP
                                                                                                • API String ID: 1256254125-2411985666
                                                                                                • Opcode ID: 9e5d0e75b1767cf058dee91c841c316f02ed082b370948eb994cb86db63c6e60
                                                                                                • Instruction ID: abc1a2d8340419db36dd74636faa12c94f7f0baedff8bfde01690853796e19d9
                                                                                                • Opcode Fuzzy Hash: 9e5d0e75b1767cf058dee91c841c316f02ed082b370948eb994cb86db63c6e60
                                                                                                • Instruction Fuzzy Hash: 5A0104336109278ACB22AFBDEC829BF33A9EB607107010536E87297295EB35D800C650
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003D3CCA
                                                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 003D1D4C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: 8f7bf87e958e2d483a63b3d774199150fdc71f4364a0b400169693bcff5cd147
                                                                                                • Instruction ID: 94e79ab38407e346d8d634ec71e20b0b59b7a9668b3462ee9d08b417a0c59ba8
                                                                                                • Opcode Fuzzy Hash: 8f7bf87e958e2d483a63b3d774199150fdc71f4364a0b400169693bcff5cd147
                                                                                                • Instruction Fuzzy Hash: 29012832610218BBCB16FBA0DC51DFE7369FB16350B10061BF8266B3C1EB3459088661
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003D3CCA
                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 003D1C46
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: 3cdd8979a12a75b72ea71249ec2da0b9ad62b7b27e51e469cdd2dddbd46c4983
                                                                                                • Instruction ID: 738f3b393fe58f31e8079f6b46e652d4c2c581ef720d461d16d5f2bc5ed5ad12
                                                                                                • Opcode Fuzzy Hash: 3cdd8979a12a75b72ea71249ec2da0b9ad62b7b27e51e469cdd2dddbd46c4983
                                                                                                • Instruction Fuzzy Hash: B401A776B9110477DF16EB90EE52EFF77AC9B15340F14011BA4067B382EA249E08D6B6
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003D3CCA
                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 003D1CC8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: 6618ef80113c123879e7eb66dc3dce8d6ca1cfe4fb2c174c2e4ff8859691e05d
                                                                                                • Instruction ID: 7329f3b73e06940a72ff569e19d612796ee26e93e3adc804a8d4b727f3c70344
                                                                                                • Opcode Fuzzy Hash: 6618ef80113c123879e7eb66dc3dce8d6ca1cfe4fb2c174c2e4ff8859691e05d
                                                                                                • Instruction Fuzzy Hash: B401A2B279011877CB26EBA0DA02FFE73ACAB11340F140117B80677381EA259F08D672
                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 0038A529
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Similarity
                                                                                                • API ID: Init_thread_footer_wcslen
                                                                                                • String ID: ,%D$3y<
                                                                                                APIs
                                                                                                  • Part of subcall function 00379CB3: _wcslen.LIBCMT ref: 00379CBD
                                                                                                  • Part of subcall function 003D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003D3CCA
                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 003D1DD3
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                APIs
                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00443018,0044305C), ref: 004081BF
                                                                                                • CloseHandle.KERNEL32 ref: 004081D1
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                • String ID: \0D
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: 3, 3, 16, 1
                                                                                                APIs
                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 003D0B23
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Message
                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                APIs
                                                                                                  • Part of subcall function 0038F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00390D71,?,?,?,0037100A), ref: 0038F7CE
                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,0037100A), ref: 00390D75
                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0037100A), ref: 00390D84
                                                                                                Strings
                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00390D7F
                                                                                                Similarity
                                                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 0038E3D5
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Init_thread_footer
                                                                                                • String ID: 0%D$8%D
                                                                                                APIs
                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 003E302F
                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 003E3044
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Temp$FileNamePath
                                                                                                • String ID: aut
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: LocalTime
                                                                                                • String ID: %.3d$X64
                                                                                                APIs
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0040236C
                                                                                                • PostMessageW.USER32(00000000), ref: 00402373
                                                                                                  • Part of subcall function 003DE97B: Sleep.KERNEL32 ref: 003DE9F3
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 529655941-2988720461
                                                                                                • Opcode ID: a11d0083485e2de598a9c6f45a172ed70f3a0d41adc166abbff91502f4bccc92
                                                                                                • Instruction ID: 2dccd735ae6b0dc89b2a30e8e2965ab8ddb1b52ee538357693edb7262d6a49b0
                                                                                                • Opcode Fuzzy Hash: a11d0083485e2de598a9c6f45a172ed70f3a0d41adc166abbff91502f4bccc92
                                                                                                • Instruction Fuzzy Hash: 0BD0C976381310BAE668B770AD4FFCA6A189B04B14F514A267645AA1D0CAB4A8018A58
                                                                                                APIs
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0040232C
                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0040233F
                                                                                                  • Part of subcall function 003DE97B: Sleep.KERNEL32 ref: 003DE9F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 529655941-2988720461
                                                                                                • Opcode ID: b72c550128358227a7902a958c34b042a2dc12e79a189413421ee965e9f4b7e2
                                                                                                • Instruction ID: 84b216ca7d1902745604143ef9473b3e0135fdd2ed7f4bdcbc61397ec8c922f7
                                                                                                • Opcode Fuzzy Hash: b72c550128358227a7902a958c34b042a2dc12e79a189413421ee965e9f4b7e2
                                                                                                • Instruction Fuzzy Hash: E9D0C976395310F6E668B770AD5FFCA6A189B04B14F114A267645AA1D0CAB4A8018A58
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 003ABE93
                                                                                                • GetLastError.KERNEL32 ref: 003ABEA1
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003ABEFC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1661121991.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                • Associated: 00000000.00000002.1661066778.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.000000000040C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661201899.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661271933.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.1661289910.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 1717984340-0
                                                                                                • Opcode ID: 6bbd5d56ccd623b90c4793ad244ccbbe53ee2f4d6d75252b58ee488243b86ffd
                                                                                                • Instruction ID: ae55942674c8d3092b6cda43f8910da6080c05b9cb46707fcd25426c5f73964e
                                                                                                • Opcode Fuzzy Hash: 6bbd5d56ccd623b90c4793ad244ccbbe53ee2f4d6d75252b58ee488243b86ffd
                                                                                                • Instruction Fuzzy Hash: 2341E735605246EFCF238F64DC54ABAFBA9EF43310F194269F9599B1A2DB308D01CB60